Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: FreakWent on February 16, 2014, 06:48:34 AM

Title: outgoing PPTP VPN from server needs extra NAT
Post by: FreakWent on February 16, 2014, 06:48:34 AM
Imagine this:

- SME Server 8.0 with all current updates in server and gateway mode.
- External pptp session established and working from the CLI
- IP routes have been established for some specific external hosts to be reached via ppp1 instead of ppp0.  Pings and traceroutes from the server CLI confirm that it's good.
- Squid generates requests on the server, so internal clients get correct web behaviour, i.e., it works well for clients in the browser
- For traffic squid can't handle, or if squid is turned off, packets leave with the original internal IP address intact
- In these cases, remote hosts can't respond, assuming such a silly packet even arrives.

Can anyone think of an elegant way to keep the NAT included in all this, other than manually setting up a new set of NAT rules in iptables?

Thanks for your time everyone!

Title: Re: outgoing PPTP VPN from server needs extra NAT
Post by: CharlieBrady on February 17, 2014, 03:53:44 PM
I think it might help if you explain why you are trying to do all this - what problem are you trying to solve?

I think you just need to add a custom template for /etc/rc.d/init.d/masq to add MASQUERADE for traffic sent outbound on interface ppp1.
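
The check below is an added example, not part of either post or of SME Server's own scripts: it reads `iptables-save` output and reports whether the nat table masquerades traffic leaving a given interface, which is the gap the reply proposes closing for ppp1. The ruleset is constructed sample data and the function names are hypothetical; rules reached only through a custom chain are not followed.

```shell
#!/bin/sh
# has_masq IFACE: read `iptables-save` output on stdin; exit 0 if the nat
# table has a POSTROUTING rule with "-o IFACE -j MASQUERADE", else exit 1.
# Limitation: only rules placed directly in POSTROUTING are inspected.
has_masq() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                # skip negated matches such as "! -o ppp1"
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == ifc && target == "MASQUERADE") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# masq_rule IFACE: print the rule that would close the gap for IFACE.
masq_rule() {
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$1"
}

# Constructed sample: NAT exists for ppp0 only; ppp1 is merely forwarded.
sample_ruleset() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

for ifc in ppp0 ppp1; do
    if sample_ruleset | has_masq "$ifc"; then
        echo "$ifc: masqueraded"
    else
        echo "$ifc: no MASQUERADE rule, forwarded packets keep their internal source address"
        echo "  missing rule: $(masq_rule "$ifc")"
    fi
done
```

On a live gateway, run `iptables-save | has_masq ppp1` as root instead of piping in the sample.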