VPN can't access from Windows network
Hi
I am using Red Hat EL5 with squid and dansguardian running on my proxy server.

IP address details:

eth1: IP address 192.168.1.3, subnet 255.255.255.0, gateway 192.168.1.2 (my firewall IP address)
eth2: IP address 192.168.30.2, subnet 255.255.255.0

The problem is that I can't connect to the VPN from the client systems (the clients are all using Windows XP). The Windows network gateway address is eth2 (192.168.30.2).

My iptables configuration:

    touch /var/lock/subsys/local
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    iptables -F
    iptables -t nat -F
    modprobe iptable_nat
    modprobe ip_nat_ftp
    modprobe ip_nat_irc

    # for vpn access
    iptables -t nat -A PREROUTING -p udp -s 192.168.30.0/24 -d 0/0 --dport 1723 -j DNAT --to 192.168.1.3
    iptables -t nat -A PREROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 3247 -j DNAT --to 192.168.1.3
    # here 0/0 is my destination ip 65.74.131.53

    # for mail access
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 25 -j SNAT --to 192.168.1.3    # smtp
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7110 -j SNAT --to 192.168.1.3  # pop3
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7071 -j SNAT --to 192.168.1.3  # for mail server admin access
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 81 -j SNAT --to 192.168.1.3

    # this is for no-restriction users without content filtering
    iptables -t nat -A POSTROUTING -s 192.168.30.11 -d 0/0 -j SNAT --to 192.168.1.3

My Windows network can send and receive mail with Microsoft Outlook Express, and internet browsing also works well. I can't connect to the VPN from the LAN network.

If I use eth1 (192.168.1.3) as the Windows network gateway, the iptables rules below can connect the VPN from the Windows network:

    iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 -d 0/0 --dport 1723 -j SNAT --to 192.168.1.3
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 3247 -j SNAT --to 192.168.1.3

But there is one drawback: I can't use the proxy port. The proxy uses authentication-based access, so users can easily browse the internet without content filtering and internet access restriction.

Please help me. I want an iptables port NAT rule for 192.168.30.0/24 to 192.168.1.3.

Regards
Vijay
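An added example, not part of the original post: a small shell/awk check that summarises how the posted NAT rules treat each port for 192.168.30.0/24 and lists the ports that are DNATed to 192.168.1.3 with no SNAT rule. The function names are made up for this example; the rule lines are copied from the post.

```shell
#!/bin/sh
# Added example: compare how a set of iptables NAT rules treats each
# protocol/port for one source subnet. Rule lines are copied from the post.

POSTED_RULES='iptables -t nat -A PREROUTING -p udp -s 192.168.30.0/24 -d 0/0 --dport 1723 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 3247 -j DNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 25 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7110 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7071 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 81 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -s 192.168.30.11 -d 0/0 -j SNAT --to 192.168.1.3'

# nat_summary SUBNET (hypothetical helper): read iptables commands on stdin
# and print one line per nat-table rule that matches "-s SUBNET" and a port:
#   <proto>/<dport> <chain> <target> <to-address>
nat_summary() {
    awk -v subnet="$1" '
    $1 == "iptables" {
        chain = proto = src = dport = target = to = ""; table = "filter"
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") table = $(i+1)
            else if ($i == "-A") chain = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "-s") src = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "--to" || $i == "--to-source" || $i == "--to-destination") to = $(i+1)
        }
        if (table == "nat" && src == subnet && dport != "")
            print proto "/" dport, chain, target, to
    }'
}

# redirected_to SUBNET ADDR (hypothetical helper): list the ports whose
# traffic is DNATed to ADDR and that have no SNAT rule for the same subnet.
redirected_to() {
    nat_summary "$1" | awk -v addr="$2" '
        $3 == "SNAT" { snat[$1] = 1 }
        $3 == "DNAT" && $4 == addr { dnat[n++] = $1 }
        END { for (i = 0; i < n; i++) if (!(dnat[i] in snat)) print dnat[i] }'
}

printf '%s\n' "$POSTED_RULES" | redirected_to 192.168.30.0/24 192.168.1.3
```

On the posted rules this lists udp/1723 and tcp/3247: unlike the mail ports, which are source-NATed in POSTROUTING, the VPN ports have their destination rewritten to the proxy server's own address in PREROUTING.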