Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 06-24-2005, 06:35 PM   #1
LQ Newbie
Registered: Jun 2005
Location: la
Distribution: fedora core, slackware, red hat 9
Posts: 1

Rep: Reputation: 0
iptables questions for a vpn with fc3 workstation

hi there,
i am very new to linux and just setup my first vpn with fc3 workstation and the poptop vpn solution. what a great feeling to login to my system. here's my iptables questions:
when i flush the iptables -F
i can vpn in using pptpd, get an ipaddress, traverse my network and access the server that i have setup. once connected I can ping my local resources.

i want to lock this system down so that ONLY IP traffic goes from the client to the local server. Here's the scenario:
vpn client PPTP
connect to VPN server which is connected to Internet and a local netware gear hub
VPN server is connected to netgear hub
A Windows server is connected to the netgear hub

with the default iptables settings it doesn't work. with a flush, it works fine.

any excellent iptable guides available that some could recommend. Thanks.

- chris.
Old 06-25-2005, 07:02 AM   #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
welcome to LQ!

this is a nice iptables tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html

as for the VPN thing, have you tried searching LQ to see if there's any info here that would help you find the rules you need?? you can search LQ using google like this:

BTW, according to this link:
A PPTP VPN server requires TCP port 1723 forwarded to the VPN server, as well as the GRE protocol (protocol 47).
so i did a search for "iptables 47 gre" here at LQ and the first result was:

the last post on that thread seems to sum it all up:
Originally posted by stevesl here
VPN (in the simplified MicroS*ft rras 56-but encryption client sense) is IP protocol # 47 (or GRE) AND IP protocol TCP port 1723.

assume for simplicity: iptables -P FORWARD ACCEPT
echo ">>>--- setup nat VPN"
iptables -t nat -A PREROUTING -i <Public-IFace> -p gre -d <VPN-Public-IP> -j DNAT --to-destination <VPN-DMZ-IP>
iptables -t nat -A PREROUTING -i <Public-IFace> -p tcp --sport 1024:65535 -d <VPN-Public-IP> --dport 1723 -j DNAT --to-destination <VPN-DMZ-IP>
anyways, i've never done any VPN so i'm not sure about any of this...

but i saw you hadn't received any replies so i figured i'd help get the ball rolling...

just my ... good luck...


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
vpn behind iptables kris2002 Linux - Networking 3 06-26-2005 10:18 AM
Fresh FC3 Install - Dual Boot Fedora Core 3 Workstation/Server Possible ? testguyct Fedora 1 03-15-2005 05:10 AM
iptables VPN bentman78 Linux - Software 0 05-03-2004 07:27 AM
VPN / Iptables a_borg1 Linux - Networking 0 08-13-2003 07:20 PM
iptables and vpn buttnutt Linux - Security 1 05-29-2002 02:46 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration