LinuxQuestions.org


vijay1585 05-16-2009 06:19 AM

VPN can't access from Windows network
 
Hi,
I am using Red Hat EL5.
Squid and DansGuardian are running on my proxy server.
IP address details:
eth1
IP address 192.168.1.3
subnet 255.255.255.0
gateway 192.168.1.2 (my firewall IP address)

eth2
IP address 192.168.30.2
subnet 255.255.255.0


The problem is that I can't connect to the VPN from the client systems (all clients are using Windows XP).

The Windows network gateway address is eth2 (192.168.30.2).

My iptables configuration:

touch /var/lock/subsys/local
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

iptables -F
iptables -t nat -F
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc


# for vpn access
iptables -t nat -A PREROUTING -p udp -s 192.168.30.0/24 -d 0/0 --dport 1723 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 3247 -j DNAT --to 192.168.1.3
#here 0/0 is my destination ip 65.74.131.53
#for mail access
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 25 -j SNAT --to 192.168.1.3 # smtp
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7110 -j SNAT --to 192.168.1.3 #pop3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7071 -j SNAT --to 192.168.1.3 # for mail server admin access
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 81 -j SNAT --to 192.168.1.3

# this is for no-restriction users without content filtering
iptables -t nat -A POSTROUTING -s 192.168.30.11 -d 0/0 -j SNAT --to 192.168.1.3
-------------
My Windows network can send and receive mail with Microsoft Outlook Express.

Internet browsing also works well.

I can't connect to the VPN from the LAN.


If I use eth1 (192.168.1.3) as the Windows network gateway, the iptables rules below let the Windows network connect to the VPN:

iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 -d 0/0 --dport 1723 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 3247 -j SNAT --to 192.168.1.3


But there is one drawback:
I can't use the proxy port. The proxy uses authentication-based access, so users can easily browse the internet without content filtering and internet access restriction.

Please help me.
I want an iptables port NAT rule for 192.168.30.0/24 to 192.168.1.3.
Regards,
Vijay
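
Added example, not part of the original post: a short Python script that parses four of the NAT rules posted above and reports what each target does to a matching packet, which makes the difference between the PREROUTING/DNAT rules and the POSTROUTING/SNAT rules visible. The interface addresses are taken from the post; the function names and the wording of the effect strings are chosen here.

```python
import shlex

# NAT rules copied from the post. The last one is from the eth1-gateway
# variant that the poster reports as working.
POSTED_RULES = """\
iptables -t nat -A PREROUTING -p udp -s 192.168.30.0/24 -d 0/0 --dport 1723 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 3247 -j DNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 25 -j SNAT --to 192.168.1.3 # smtp
iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 -d 0/0 --dport 1723 -j SNAT --to 192.168.1.3
"""

# Addresses of the proxy's own interfaces (eth1, eth2) as given in the post.
LOCAL_ADDRS = {"192.168.1.3", "192.168.30.2"}

# Only the options that appear in the posted rules are recognised.
OPTS = {"-A": "chain", "-p": "proto", "-s": "src", "-d": "dst",
        "--dport": "dport", "-j": "target", "--to": "to"}


def parse_rule(line):
    """Turn one iptables command line into a dict of its options."""
    tokens = shlex.split(line, comments=True)  # drops trailing "# ..." notes
    return {OPTS[flag]: value
            for flag, value in zip(tokens, tokens[1:]) if flag in OPTS}


def effect(rule):
    """Describe what the NAT target does to a matching packet."""
    target, to = rule.get("target"), rule.get("to")
    if target == "DNAT" and to in LOCAL_ADDRS:
        # The destination is rewritten before routing, so the packet is
        # handed to the proxy host and never forwarded to the real peer.
        return "delivered to proxy itself"
    if target == "DNAT":
        return "forwarded to " + to
    if target == "SNAT":
        # The destination is untouched; only the source address changes.
        return "forwarded to original destination, source " + to
    return "no address rewrite"


def audit(text):
    """Return (chain, proto, dport, effect) for every rule in the text."""
    rules = [parse_rule(l) for l in text.splitlines() if "-j" in l]
    return [(r["chain"], r.get("proto", "any"), r.get("dport", "any"),
             effect(r)) for r in rules]


if __name__ == "__main__":
    for row in audit(POSTED_RULES):
        print(*row, sep="\t")
```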

