* Re: Microsoft PPTP VPN server behind FIREWALL
@ 2003-03-27 20:46 Steve M Bibayoff
  0 siblings, 0 replies; 6+ messages in thread
From: Steve M Bibayoff @ 2003-03-27 20:46 UTC (permalink / raw)
  To: netfilter

Hello,

davidsen@tmr.com (bill davidsen) wrote:

> I believe there is a userspace IPsec package, reasonably high overhead
> but runnable where a patched kernel is politically incorrect. Does that
> ring a bell with anyone?

I believe you're thinking of Cipe.

hth

Steve

ps. please don't Bcc the ml.



* RE: Microsoft PPTP VPN server behind FIREWALL
@ 2003-03-25 16:57 Daniel Chemko
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel Chemko @ 2003-03-25 16:57 UTC (permalink / raw)
  To: Remus, netfilter

PPTP also uses IP protocol 47, so use something like:

iptables -t nat -A PREROUTING -d $EXTERNALIP -p 47 -j DNAT --to 192.168.1.150

I know there was a conntrack module, and I am not sure if that was only
for SNAT or if it did DNAT as well.

-----Original Message-----
From: Remus [mailto:rmocius@auste.elnet.lt] 
Sent: Tuesday, March 25, 2003 5:09 AM
To: netfilter@lists.netfilter.org
Subject: Microsoft PPTP VPN server behind FIREWALL

Hi folks,

I am running the Microsoft PPTP VPN server behind my Firewall with
MASQ.

I tried to use this command to make a forward to the internal IP address:
iptables -t nat -A PREROUTING -d $EXTERNALIP -p tcp --dport 1723 -j DNAT --to 192.168.1.150:1723
But it doesn't work, I mean I cannot connect to my VPN server from
outside.

Any ideas or issues?

Thank you in advance for the help. :-)

Remus
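
Added example, not part of the thread: a shell check that reads `iptables-save` style nat-table text and reports whether a PPTP forward covers both the TCP 1723 control channel and IP protocol 47, the gap described in the reply above. The function name `check_pptp_dnat`, the address 203.0.113.10 and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Reads nat-table rules on stdin and prints one of:
#   ok HOST | missing-gre HOST | missing-control HOST | mismatch TCPHOST GREHOST | none
# Exit status is 0 only for "ok".
check_pptp_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = ""; dport = ""; target = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
        }
        if (target != "DNAT") next
        sub(/:.*/, "", dest)    # drop an optional :port suffix
        if ((proto == "tcp" || proto == "6") && dport == "1723") ctl = dest
        else if (proto == "gre" || proto == "47") gre = dest
    }
    END {
        if (ctl == "" && gre == "") { print "none"; exit 1 }
        if (gre == "") { print "missing-gre " ctl; exit 1 }
        if (ctl == "") { print "missing-control " gre; exit 1 }
        if (ctl != gre) { print "mismatch " ctl " " gre; exit 1 }
        print "ok " ctl
    }'
}

# Constructed sample: only the TCP 1723 rule from the original question.
HALF='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.150:1723
COMMIT'

# Constructed sample: the same rule plus the protocol 47 rule from the reply.
FULL='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.150:1723
-A PREROUTING -d 203.0.113.10/32 -p gre -j DNAT --to-destination 192.168.1.150
COMMIT'

printf '%s\n' "$HALF" | check_pptp_dnat || true   # prints: missing-gre 192.168.1.150
printf '%s\n' "$FULL" | check_pptp_dnat || true   # prints: ok 192.168.1.150
```

On a live firewall the input would come from `iptables-save -t nat` piped into the function.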





* Re: ipv6 and state matching
@ 2003-03-25  8:33 Jozsef Kadlecsik
  2003-03-25 13:08 ` Microsoft PPTP VPN server behind FIREWALL Remus
  0 siblings, 1 reply; 6+ messages in thread
From: Jozsef Kadlecsik @ 2003-03-25  8:33 UTC (permalink / raw)
  To: Trever L. Adams; +Cc: netfilter

On 24 Mar 2003, Trever L. Adams wrote:

> I am unable to find any questions about this.  I really love state
> matching in ipv4.  I find that w/ RedHat 8.0 and Phoebe (8.1.99 or
> something like that), that I cannot do this.  This does indeed seem to
> be an accurate state.

Brad Chapman had an attempt to port IPv4 conntrack to IPv6 but his code
was never accepted.

Last year I worked on the prototype of a unified conntrack code, but it
was never released. Unfortunately just conntrack doesn't seem to be enough
- one is tempted to implement NAPT etc. as well.

> Are there plans on doing state support?  Is it all that much more
> difficult?

A straight porting is not so difficult, but that direction cannot be
followed because it would result in a severe code-duplication.
Unification takes a lot of time.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary



