From: "Rowan Reid" <rreid@studio3arc.com>
To: "'R. Sterenborg'" <rsterenborg@xs4all.nl>, netfilter@lists.samba.org
Subject: RE: PPTP through masquerading gateway
Date: Mon, 8 Jul 2002 16:44:10 -0700
Message-ID: <000401c226d9$5cc37fb0$6b01a8c0@s3ac>
In-Reply-To: <001c01c226cf$3bc72d70$0401000a@win2k>
> I used :
> - kernel 2.4.17 (Because the patch is for *that* kernel. I'm
> no hacker so I'm not going to try it on another kernel...).
> - the PPTP kernel patch from
> http://www.impsec.org/linux/masquerade/ip_masq_vpn.html.
> - iptables-1.2.6a.
> - the default gcc from RH-7.3 (2.96, I know, I know...)
I'm using 2.4.18, I know, not designed for the patch. My FS only
works with 2.4.18. Someone told me the 2.4.17rev2 patch works
with 2.4.18. It doesn't unless you use
patch -p1 < netfilter-pptp-2.4.17-rev2.patch
>
> Untar the kernel source to /usr/src/linux.
> Untar the patch to /usr/src.
> Untar iptables to /usr/src/iptables-1.2.6a
>
> cd /usr/src
> patch -p0 < netfilter-pptp-2.4.17-rev2.patch
>
> cd /usr/src/iptables-1.2.6a
> make pending-patches KERNEL_DIR=/usr/src/linux
Correct me if I'm wrong, but doesn't the INSTALL file say you
need a 2.4.4 kernel in order for it to work?
>
> If all went well go ahead and configure your kernel.
> cd /usr/src/linux
> make xconfig (or whatever you like to use)
>
> Check all (networking) options that apply.
> There are two new options in the kernel config :
> - Networking options -> IP: Netfilter Configuration -> PPTP protocol support
> - Networking options -> IP: Netfilter Configuration -> PPTP verbose debug
> Make sure you check the first. If you want
When I patched, or pseudo-patched, it, the PPTP option did show up.
> cd /usr/src/iptables-1.2.6a
> make KERNEL_DIR=/usr/src/linux
> make install KERNEL_DIR=/usr/src/linux
Interesting you did this after compiling the kernel.
>
> Reboot and make sure to boot the new kernel.
>
> Now for the forwarding rules.
> I'm taking values from this post. Since it's not mentioned, I
> take eth0 as the LAN NIC.
> http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.
> iptables -A FORWARD -p tcp -i ppp0 -o eth0 -d 10.1.1.15 --dport 1723 -j ACCEPT
> iptables -A FORWARD -p 47 -i ppp0 -o eth0 -d 10.1.1.15 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d <external-ip> --dport 1723 -j DNAT --to 10.1.1.15:1723
> iptables -t nat -A PREROUTING -p 47 -i ppp0 -d <external-ip> -j DNAT --to 10.1.1.15
I used the same commands to test it. I will try the order you used.
Thanks for taking the time though.
What I'm trying most desperately not to do is have to revert back to ext2
and a 2.4.17 kernel.