I'm trying to forward port 1723 on my firewall using iptables for a VPN
connection but for some reason it doesn't want to work. Ignoring that this
is a VPN connection and just thinking it's plain old packet forwarding using
DNAT, it should work. If I run tcpdump on the external interface I can see
the packets coming in, and the destination address is getting translated
correctly. If I run tcpdump on the internal interface I see nada. Now
using the EXACT same rule except changing the port number to something else,
it works, just not on 1723, as well as a few other port numbers. I haven't
been able to establish a pattern.
Is there some limitation I'm not aware of? A security thing. Possibly that
I can't forward packets over port 1024? Anyone know what's going on here?
TIA.
Jamie Carl
jamie...@salientnetworks.com.au
"Jamie Carl" <jamie...@salientnetworks.com.au> wrote in message
news:3c71e2da$1...@news.iprimus.com.au...
Forwarding TCP/1723 is not sufficient to forward a PPTP connection. PPTP
is PPP over a GRE tunnel, associated to a TCP control channel (port
1723).
That means you have to redirect both TCP/1723 and GRE.
iptables -t nat -A PREROUTING -p tcp --dport 1723 -j DNAT --to-destination 1.2.3.4
iptables -t nat -A PREROUTING -p 47 -j DNAT --to-destination 1.2.3.4
should do the trick.
Maybe you should have a look at the Linux VPN masquerade project and get the PPTP
helper for Linux 2.4, depending on which way you want to redirect.
--
FG> What is the connection between selling/buying books and
FG> being a bibliophile?
One doesn't always get the opportunity to steal them.
-+- FF in Guide du Neuneu d'Usenet - À l'insu de son plein gré -+-
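The reply above boils down to two facts: the PPTP control channel is TCP/1723, and the actual PPP data rides in GRE (IP protocol 47), which has no port numbers at all. Forwarding only the TCP port is exactly the symptom in the original post, since the control connection can come up while the tunnel never passes traffic. The script below is an added example, not code from either poster, that generates the full rule set for one internal PPTP server: the two DNAT rules, plus the FORWARD-chain accepts you need if the filter policy is DROP. `eth0` and `1.2.3.4` are placeholders; the function names `valid_ipv4` and `pptp_forward_rules` are this example's own. The `-i $wan` match is there so the DNAT only applies to packets that arrive on the external interface rather than to anything the firewall happens to route.

```shell
#!/bin/sh
# Added example (not from the thread): emit the iptables rules that forward a
# PPTP server behind a DNAT firewall. Interface and address are placeholders.

# valid_ipv4 ADDR -> returns 0 if ADDR is a dotted-quad with octets 0..255
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_forward_rules WAN_IF VPN_SERVER_IP
# Prints the rules to stdout; review them, then pipe into sh to apply.
pptp_forward_rules() {
    wan=$1; server=$2
    valid_ipv4 "$server" || { echo "bad IPv4 address: $server" >&2; return 1; }
    cat <<EOF
# Control channel: TCP/1723 arriving on $wan goes to the PPTP server
iptables -t nat -A PREROUTING -i $wan -p tcp --dport 1723 -j DNAT --to-destination $server
# Data channel: GRE (protocol 47) has no ports, so every GRE packet on $wan is
# sent to this one host; a second internal PPTP server cannot be reached this way
iptables -t nat -A PREROUTING -i $wan -p gre -j DNAT --to-destination $server
# Filter side: let the translated flows through FORWARD (matters when policy is DROP)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -d $server -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $wan -d $server -p gre -j ACCEPT
iptables -A FORWARD -o $wan -s $server -p gre -j ACCEPT
EOF
}

# Usage: sh pptp-rules.sh eth0 1.2.3.4
if [ "$#" -eq 2 ]; then
    pptp_forward_rules "$1" "$2"
fi
```

Because GRE carries no port, the single-host limitation in the comments is inherent to plain DNAT; forwarding to more than one internal PPTP endpoint, or letting several clients behind the firewall reach outside servers, needs the connection-tracking PPTP helper the reply points at (`ip_conntrack_pptp`/`ip_nat_pptp` on 2.4 kernels), which tracks the GRE call IDs instead of relying on addresses alone.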