LinuxQuestions.org


MadTurki 02-04-2004 12:02 PM

vpn passed from RH9 firewall to OS X server - not quite
 
I'm using the rc.firewall script on a dual-homed RedHat 9 (gateway) machine. I'm forwarding ports 1723 (pptp) and 500 (ipsec) to an Apple OS X server (vpn) on the internal network. The vpn server shows in the logs that a connection is inbound and that an IP address is being assigned. Immediately after, the connection is dropped with the message "Client With Address 192.168.1.221 was hungup." This repeats about five times before the connection gives up for good and the user gets an error. Is this a problem with acks being passed properly? Is it a problem on the vpn server? Or am I not forwarding enough/the right ports? I'm going to stick with pptp for now and then move on to l2tp. Unless it's easier!

Thanks!

peter_robb 02-04-2004 02:32 PM

The docs also mention forwarding protocol 47 (GRE)..

I also added the pptp conntrack & nat patches from patch-o-matic at www.netfilter.org to allow more than 1 concurrent connection...

MadTurki 02-04-2004 02:41 PM

Now that's not forwarding a port... How would I specify that in rc.firewalls? Or how would I do it otherwise?

peter_robb 02-04-2004 03:37 PM

iptables -t nat -A PREROUTING -i eth~ -p 47 -j DNAT --to-destination Mac Box

MadTurki 02-25-2004 03:55 PM

What if I added this but I'm still getting the same error? :P
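
The two pieces named in the thread, TCP port 1723 and IP protocol 47 (GRE), can be checked against the gateway's rule set. The following is an added example, not part of the original posts: a shell function that reads `iptables-save` output and lists what is missing. The server address 192.168.1.10, the interface eth0 and the sample dump are constructed, and the FORWARD-chain check is an added assumption for gateways whose FORWARD policy is DROP.

```shell
# Added example: audit iptables-save output for the rules PPTP pass-through needs.
# Simplification: only protocol-specific ACCEPT rules or an ACCEPT policy count.
# On the gateway: iptables-save | check_pptp_forward <server-ip>
check_pptp_forward() {
    awk -v srv="$1" '
        /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter" headers
        table == "filter" && $1 == ":FORWARD" { policy = $2; next }
        $1 != "-A" { next }
        {
            proto = dport = target = dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            sub(/:.*/, "", dest)                         # drop optional ":port"
            ctl = (proto == "tcp" && dport == "1723")    # PPTP control channel
            gre = (proto == "gre" || proto == "47")      # PPTP data channel
            if (table == "nat" && $2 == "PREROUTING" && target == "DNAT" && dest == srv) {
                if (ctl) dnat_ctl = 1
                if (gre) dnat_gre = 1
            }
            if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") {
                if (ctl) fwd_ctl = 1
                if (gre) fwd_gre = 1
            }
        }
        END {
            if (policy == "ACCEPT") fwd_ctl = fwd_gre = 1
            if (!dnat_ctl) { print "missing: DNAT tcp/1723 to " srv; bad = 1 }
            if (!dnat_gre) { print "missing: DNAT protocol 47 (GRE) to " srv; bad = 1 }
            if (!fwd_ctl)  { print "missing: FORWARD ACCEPT tcp/1723"; bad = 1 }
            if (!fwd_gre)  { print "missing: FORWARD ACCEPT protocol 47 (GRE)"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample dump: only the TCP control port is forwarded, no GRE rules.
sample_tcp_only() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10:1723
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.10 -p tcp -m tcp --dport 1723 -j ACCEPT
EOF
}
sample_tcp_only | check_pptp_forward 192.168.1.10 || true
```

The function exits 0 only when all four pieces are present, so it can be used as a check after editing rc.firewall.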

