VPN can't be accessed from Windows network
Hi
I am using Red Hat EL5.
Squid and DansGuardian are running on my proxy server.
IP address details:
eth1
IP address 192.168.1.3
subnet 255.255.255.0
gateway 192.168.1.2 (my firewall IP address)
eth2
IP address 192.168.30.2
subnet 255.255.255.0
The problem is I can't connect the VPN from a client system (the clients are all using Windows XP).
The Windows network gateway address is eth2 (192.168.30.2).
My iptables configuration:
touch /var/lock/subsys/local
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
iptables -F
iptables -t nat -F
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc
# for vpn access
iptables -t nat -A PREROUTING -p udp -s 192.168.30.0/24 -d 0/0 --dport 1723 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 3247 -j DNAT --to 192.168.1.3
#here 0/0 is my destination ip 65.74.131.53
#for mail access
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 25 -j SNAT --to 192.168.1.3 # smtp
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7110 -j SNAT --to 192.168.1.3 #pop3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 7071 -j SNAT --to 192.168.1.3 # for mail server admin access
iptables -t nat -A POSTROUTING -p tcp -s 192.168.30.0/24 -d 0/0 --dport 81 -j SNAT --to 192.168.1.3
#this is for no-restriction users without content filtering
iptables -t nat -A POSTROUTING -s 192.168.30.11 -d 0/0 -j SNAT --to 192.168.1.3
-------------
My Windows network can send and receive mail with Microsoft Outlook Express.
Internet browsing also works well.
I can't connect the VPN from the LAN network.
If I use eth1 (192.168.1.3) as the Windows network gateway, the iptables rules below let the VPN connect from the Windows network:
iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 -d 0/0 --dport 1723 -j SNAT --to 192.168.1.3
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 0/0 --dport 3247 -j SNAT --to 192.168.1.3
But there is one drawback:
I can't use the proxy port. The proxy is authentication-based access, so users can easily access internet browsing without content filtering and internet access restriction.
Please help me.
I want an iptables port NAT rule for 192.168.30.0/24 to 192.168.1.3.
Regards
Vijay
Last edited by vijay1585; 05-16-2009 at 06:28 AM.
Reason: I am using an authenticating Squid proxy. I want to tell you about full-access internet browsing.
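As an added example (not part of Vijay's post), a small sh script that checks the posted "# for vpn access" rules for the two things that stop a PPTP tunnel from passing, and prints the SNAT rule set that lets 192.168.30.0/24 reach the VPN server through eth1 while the clients keep eth2 as their gateway. It assumes the VPN is PPTP (implied by port 1723: a TCP 1723 control channel plus a GRE tunnel), uses a placeholder for the remote VPN address, and assumes the PPTP NAT helper on this kernel is named ip_nat_pptp, following the ip_nat_* modules the post already loads.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the VPN is PPTP, the protocol
# implied by port 1723: a TCP 1723 control channel plus a GRE (IP protocol 47) tunnel.
# Interface addresses come from the post; the remote VPN endpoint is a placeholder.
LAN_IF="eth2"; LAN_NET="192.168.30.0/24"
OUT_IF="eth1"; OUT_IP="192.168.1.3"
VPN_SERVER="VPN_SERVER_IP_PLACEHOLDER"   # replace with the real VPN endpoint address

# Flag the two patterns in the post's "# for vpn access" rules that keep PPTP from
# passing: the control channel is TCP, and traffic leaving the LAN needs SNAT on the
# way out (as the post's working eth1 rules already do), not DNAT to the proxy itself.
# Returns 0 when the rule is clean, 1 when it has either problem.
check_vpn_rule() {
  rule="$1"; bad=0
  case "$rule" in *"--dport 1723"*) ;; *) return 0 ;; esac   # only PPTP control rules
  case "$rule" in *"-p udp"*)  echo "PPTP control is TCP, not UDP: $rule"; bad=1 ;; esac
  case "$rule" in *"-j DNAT"*) echo "outbound VPN needs SNAT, not DNAT: $rule"; bad=1 ;; esac
  return $bad
}

# Print the rule set for 192.168.30.0/24 to reach the PPTP server via eth1 while eth2
# stays the clients' gateway (so Squid/DansGuardian remain in the browsing path).
# ip_conntrack_pptp/ip_nat_pptp are the assumed helper module names on this kernel.
# Printed rather than executed so it can be reviewed first; pipe into sh to apply.
vpn_nat_rules() {
  cat <<EOF
modprobe ip_conntrack_pptp
modprobe ip_nat_pptp
iptables -t nat -A POSTROUTING -o $OUT_IF -s $LAN_NET -d $VPN_SERVER -p tcp --dport 1723 -j SNAT --to-source $OUT_IP
iptables -t nat -A POSTROUTING -o $OUT_IF -s $LAN_NET -d $VPN_SERVER -p gre -j SNAT --to-source $OUT_IP
iptables -A FORWARD -i $LAN_IF -o $OUT_IF -s $LAN_NET -d $VPN_SERVER -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $OUT_IF -s $LAN_NET -d $VPN_SERVER -p gre -j ACCEPT
iptables -A FORWARD -i $OUT_IF -o $LAN_IF -s $VPN_SERVER -d $LAN_NET -p gre -j ACCEPT
iptables -A FORWARD -i $OUT_IF -o $LAN_IF -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

The FORWARD rules only admit the VPN server's GRE and established traffic back into the LAN, so the tunnel works without opening the whole 192.168.30.0/24 segment.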