LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page iptables questions for a vpn with fc3 workstation
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-24-2005, 06:35 PM   #1
rchristophe
LQ Newbie
 
Registered: Jun 2005
Location: la
Distribution: fedora core, slackware, red hat 9
Posts: 1

Rep: Reputation: 0
iptables questions for a vpn with fc3 workstation

hi there,
i am very new to linux and just setup my first vpn with fc3 workstation and the poptop vpn solution. what a great feeling to login to my system. here's my iptables questions:
when i flush the iptables -F
i can vpn in using pptpd, get an ipaddress, traverse my network and access the server that i have setup. once connected I can ping my local resources.

i want to lock this system down so that ONLY IP traffic goes from the client to the local server. Here's the scenario:
vpn client PPTP
connect to VPN server which is connected to Internet and a local netware gear hub
VPN server is connected to netgear hub
A Windows server is connected to the netgear hub

with the default iptables settings it doesn't work. with a flush, it works fine.

any excellent iptable guides available that some could recommend. Thanks.

- chris.
 
Old 06-25-2005, 07:02 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
welcome to LQ!

this is a nice iptables tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html

as for the VPN thing, have you tried searching LQ to see if there's any info here that would help you find the rules you need?? you can search LQ using google like this:

http://www.google.com/search?&q=ipta...xquestions.org

BTW, according to this link:
Quote:
A PPTP VPN server requires TCP port 1723 forwarded to the VPN server, as well as the GRE protocol (protocol 47).
so i did a search for "iptables 47 gre" here at LQ and the first result was:

http://www.linuxquestions.org/questions/history/210334

the last post on that thread seems to sum it all up:
Quote:
Originally posted by stevesl here
VPN (in the simplified MicroS*ft rras 56-but encryption client sense) is IP protocol # 47 (or GRE) AND IP protocol TCP port 1723.

EX:
assume for simplicity: iptables -P FORWARD ACCEPT
then:
echo ">>>--- setup nat VPN"
iptables -t nat -A PREROUTING -i <Public-IFace> -p gre -d <VPN-Public-IP> -j DNAT --to-destination <VPN-DMZ-IP>
iptables -t nat -A PREROUTING -i <Public-IFace> -p tcp --sport 1024:65535 -d <VPN-Public-IP> --dport 1723 -j DNAT --to-destination <VPN-DMZ-IP>
anyways, i've never done any VPN so i'm not sure about any of this...

but i saw you hadn't received any replies so i figured i'd help get the ball rolling...

just my ... good luck...
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vpn behind iptables kris2002 Linux - Networking 3 06-26-2005 10:18 AM
Fresh FC3 Install - Dual Boot Fedora Core 3 Workstation/Server Possible ? testguyct Fedora 1 03-15-2005 05:10 AM
iptables VPN bentman78 Linux - Software 0 05-03-2004 07:27 AM
VPN / Iptables a_borg1 Linux - Networking 0 08-13-2003 07:20 PM
iptables and vpn buttnutt Linux - Security 1 05-29-2002 02:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:42 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration