Exposing Internal Host on Private network to Internet

Exposing Internal Host on Private network to Internet

[Bobby Hitt]

Hello all,

I have a network using Linux as a gateway/firewall running NAT. This works
perfectly to allow 5 internal hosts running Windows 2000/XP/Win98/Linux
access to the Internet. Also the Linux gateway is running openVPN which
allows me a secure connection to my Linux server in Connecticut for my
Windows machines.

I have setup a Windows 2000 Server on my network here running VPN server
that I want to be exposed to the the outside to allow Windows clients
running the VPN client to access the inside network here via the Windows
2000 server. I know I need to route ports 1723 47 for PPTP and 500 and 50-51
for IPSec to the Windows 2000 Server, but have no idea how to do this with
iptables.

I used to run a cable router that allowed one host to be exposed to the
Internet, which is how I want to setup the Linux router.

Any help is appreciated,

Bobby

Re: Exposing Internal Host on Private network to Internet

[David Busby]

A: SNAT/DNAT

Start here: http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html
and read through section 10 then search archives for examples

/B
----- Original Message ----- 
From: "Bobby Hitt" <Bobby.Hitt@bscnet.com>
To: <netfilter@lists.netfilter.org>
Sent: Sunday, June 22, 2003 21:36
Subject: Exposing Internal Host on Private network to Internet


> Hello all,
>
> I have a network using Linux as a gateway/firewall running NAT. This works
> perfectly to allow 5 internal hosts running Windows 2000/XP/Win98/Linux
> access to the Internet. Also the Linux gateway is running openVPN which
> allows me a secure connection to my Linux server in Connecticut for my
> Windows machines.
>
> I have setup a Windows 2000 Server on my network here running VPN server
> that I want to be exposed to the the outside to allow Windows clients
> running the VPN client to access the inside network here via the Windows
> 2000 server. I know I need to route ports 1723 47 for PPTP and 500 and
50-51
> for IPSec to the Windows 2000 Server, but have no idea how to do this with
> iptables.
>
> I used to run a cable router that allowed one host to be exposed to the
> Internet, which is how I want to setup the Linux router.
>
> Any help is appreciated,
>
> Bobby
>

RE: Exposing Internal Host on Private network to Internet

[George Vieira]

Run pptpd (PoPToP) for linux and allow them that way??? Makes it easier with rules etc.etc.

But I'd prefer IPSEC if I could change it easily enough.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

-----Original Message-----
From: Bobby Hitt [mailto:Bobby.Hitt@bscnet.com]
Sent: Monday, June 23, 2003 2:37 PM
To: netfilter@lists.netfilter.org
Subject: Exposing Internal Host on Private network to Internet


Hello all,

I have a network using Linux as a gateway/firewall running NAT. This works
perfectly to allow 5 internal hosts running Windows 2000/XP/Win98/Linux
access to the Internet. Also the Linux gateway is running openVPN which
allows me a secure connection to my Linux server in Connecticut for my
Windows machines.

I have setup a Windows 2000 Server on my network here running VPN server
that I want to be exposed to the the outside to allow Windows clients
running the VPN client to access the inside network here via the Windows
2000 server. I know I need to route ports 1723 47 for PPTP and 500 and 50-51
for IPSec to the Windows 2000 Server, but have no idea how to do this with
iptables.

I used to run a cable router that allowed one host to be exposed to the
Internet, which is how I want to setup the Linux router.

Any help is appreciated,

Bobby