VPN revisited.

[IanC]

> /sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
> /sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
> /sbin/iptables -t nat -A PREROUTING -j pptp

What would the $RED_DEV variable signify?



On Fri, Aug 15, 2008 at 2:46 PM, Sevan / Venture37
<venture37 at hotmail.com> wrote:
>
>> Yes, its those very kernel modules and iptables rules Im currently
>> wrestling with, to no avail.
>>
>> At the moment, Ive loaded ip_conntrack_pptp and reduced my iptables
>> rules to the minimum needed to have coovachilli function, plus
>> allowing related and established. There is nothing blocking the
>> connection and I can telnet to 1723 on the VPN box without issue. The
>> issue seems to be pass through or something else but I havent narrowed
>> it down farther. It just seems like the communication between pptp
>> client and vpn server goes haywire during the transaction. There is no
>> one else using VPN through this system right now.
>>
>> Does anyone have experience with this?
>>
>> Any help would be mucho appreciated at this point.
>>
>> --Ian
>
> It's not only port 1723, you need to pass protocol 47 aswell
> eg
>
> vpnserver="172.16.0.2"
> /sbin/iptables -N pptp
> /sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
> /sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
> /sbin/iptables -I FORWARD -j pptp
> /sbin/iptables -t nat -N pptp

>
>
> _________________________________________________________________
> Win a voice over part with Kung Fu Panda & Live Search   and   100's of Kung Fu Panda prizes to win with Live Search
> http://clk.atdmt.com/UKM/go/107571439/direct/01/
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
>
>