Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Philippe Pache on June 25, 2001, 05:44:05 PM
-
Hi !
I want to forward protocol 47 and port 1723 to a Linux box in my LAN. How can I achieve this? I looked at the threads talking about this but can't find an answer.
What are the commands with ipchains ??
thanks for your help
-
Look at the HOWTOs for port forwarding - your answer is there. Although what is 'protocol 47'? Assume you mean port 47.
-
I really mean Protocol 47. I tried ipmasqadm to forward port 1723 but I cannot achieve it with protocol 47.
-
Looks like you're trying to connect to a PPTP VPN server through your linux box.
I managed to get my IPSec client to connect thru e-smith by doctoring the IPCHAINS setup. Here's a link to the instructions I know work for IPSec.
http://forums.contribs.org/index.php?topic=1855.msg6169#msg6169
IPSec uses UDP port 500 and protocol 50. Try changing the IPCHAINS lines for your PPTP pass thru' reqts.
Let me know if it works.
Cheers
Ritchie
-
ahhh... I had a look at the PPTP files on my box..... I think there's a mistake in the default IPCHAINS setups. I compared them to the IPCHAINS lines I use for IPSec and found a difference.
Follow the instructions in the link above up to the point where you edit 45AllowIPSecMasq.
Instead, edit 45AllowPPTP.
Change the line:
/sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 1723 -j ACCEPT
to
/sbin/ipchains --append input -p tcp -s 0/0 1723 -d $OUTERNET 1723 -j ACCEPT
This may have been stopping your packets getting passed through.
Let me know if this works.
Cheers
Ritchie
-
Hi Ritchie,
Thanks for your help!! I think I have one problem with my ipchains rules. I will explain a little more what I want to do.
1 e-smith server extip: 192.168.2.2 intip:192.168.1.249
1 win2kstation_a ip:192.168.2.6
1 win2kstation_b ip:192.168.1.41
win2kstation_a<---->e-smith-box<----->win2kstation_b
I am trying to connect a PPTP client from win2kstation_a to a PPTP Win2k server, which is actually win2kstation_b.
I managed to receive TCP 1723 packets on win2kstation_b but I cannot do it for GRE.
Here is my config file for protocol 47:
/sbin/ipchains --append input -p 47 -s 0/0 -d $OUTERNET -j ACCEPT -l -i eth1
/sbin/ipchains --append output -p 47 -d 0/0 -s $OUTERNET -j ACCEPT -l -i eth1
I also have ipfws --masq 192.168.1.41 47
What's wrong with my ip-chains???
Thanks for your help
Philippe
-
Looking at your setup, I think you are connecting in the reverse direction from myself.... your VPN client is OUTSIDE your E-Smith box, and your VPN server is INSIDE.
This is exactly the reverse of my situation. I think I'm getting to the limits of my ipchains knowledge without doing any further reading up on the HOWTO (I stopped after I got my VPN working OK!)
Here are both the ipchains lines I use to ensure my VPN client INSIDE my lan can receive IPSec packets from OUTSIDE.
/sbin/ipchains --append input -p 50 -s 0/0 -d $OUTERNET -j ACCEPT
/sbin/ipchains --append input -p udp -s 0/0 500 -d $OUTERNET 500 -j ACCEPT
I don't see why these should not work for PPTP, so substitute for PPTP protocol 47 & tcp 1723
/sbin/ipchains --append input -p 47 -s 0/0 -d $OUTERNET -j ACCEPT
/sbin/ipchains --append input -p tcp -s 0/0 1723 -d $OUTERNET 1723 -j ACCEPT
You probably want to remove the "-l -i eth1" from the end of your statement.... -I is in conflict with the "--append" at the beginning, and you should not need to specify the interface - omitting the "-i eth1" means that all packets will be forwarded from any interface (this may be your problem).
Cheers
Ritchie
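-
Added example, not written by any poster in this thread: a small Python parser for the ipchains lines quoted above that reports whether a rule set accepts both halves of PPTP (the TCP 1723 control channel and IP protocol 47, GRE) and whether the 1723 rule also pins the source port, which is what a port placed after the -s address does in ipchains syntax. The names parse_rule and audit_pptp are hypothetical, and only the options that appear in this thread are handled.

```python
import shlex

# Rule lines as quoted in the thread; $OUTERNET is the template variable, kept literal.
THREAD_RULES = """\
/sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 1723 -j ACCEPT
/sbin/ipchains --append input -p tcp -s 0/0 1723 -d $OUTERNET 1723 -j ACCEPT
/sbin/ipchains --append input -p 47 -s 0/0 -d $OUTERNET -j ACCEPT -l -i eth1
"""

def parse_rule(line):
    """Parse one 'ipchains --append' line (only the options seen in the thread)."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": None, "sport": None, "dport": None,
            "target": None, "log": False, "iface": None}
    simple = {"--append": "chain", "-p": "proto", "-j": "target", "-i": "iface"}
    i = 1  # tok[0] is the ipchains binary
    while i < len(tok):
        opt = tok[i]
        if opt in simple and i + 1 < len(tok):
            rule[simple[opt]] = tok[i + 1]
            i += 2
        elif opt in ("-s", "-d"):
            # Address first, then an optional port: "-s 0/0 1723" pins the SOURCE port.
            i += 2
            if i < len(tok) and not tok[i].startswith("-"):
                rule["sport" if opt == "-s" else "dport"] = tok[i]
                i += 1
        elif opt == "-l":
            rule["log"] = True  # -l turns on kernel logging for matching packets
            i += 1
        else:
            i += 1  # unknown token: skip rather than guess
    return rule

def audit_pptp(text):
    """Report which parts of PPTP the input-chain ACCEPT rules cover."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    accept = [r for r in rules if r["chain"] == "input" and r["target"] == "ACCEPT"]
    ctrl = [r for r in accept if r["proto"] == "tcp" and r["dport"] == "1723"]
    return {
        "tcp_1723": bool(ctrl),
        # True if at least one 1723 rule matches clients on any source port
        "tcp_1723_any_sport": any(r["sport"] is None for r in ctrl),
        "gre_47": any(r["proto"] == "47" for r in accept),
    }

if __name__ == "__main__":
    print(audit_pptp(THREAD_RULES))
```

These are input-chain filter checks only; they say nothing about whether accepted packets are then forwarded to a host inside the LAN.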