Linux Netfilter discussions
From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: "Slava (hotbox)" <chvv@hotbox.ru>
Cc: netfilter@lists.netfilter.org
Subject: Re: NAT -  HELP
Date: Thu, 06 May 2004 08:34:38 -0400
Message-ID: <1083846878.2101.17.camel@localhost>
In-Reply-To: <1177332812.20040505164432@hotbox.ru>

On Wed, 2004-05-05 at 08:44, Slava (hotbox) wrote:
> 
> NETFILTER --> NAT --> HOWTO
> 
> 
> I very badly speak English!
> 
> 
> We use VPN-connections (PPTP) through firewall. It uses two connections: 1723/tcp and 47/ip(GRE). 
> 
> When I give a range of IP addresses to SNAT, two PPTP connections (1723/tcp & GRE) leave
> from Firewall (SNAT) with different IP-addresses.
> And VPN-connection does not work!
> 
> 
> Help, if can, please.
> 
> Viacheslav.
> 
>  
I do not use PPTP so I am having trouble understanding your problem.  Is
the problem that you do not want 1723/tcp and 47/ip to SNAT at all or
that they are doing SNAT to the wrong address?

If you do not want the PPTP connection to SNAT at all, place an ACCEPT
rule in front of the SNAT rule, e.g., 

iptables -t nat -I POSTROUTING 1 -o eth0 -s x.x.x.x -p 6 --sport 1723 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -o eth0 -s x.x.x.x -p 47 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source y.y.y.y

If it is NATting the wrong public address, make sure the PPTP rules are processed first.
Hope this helps - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
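
Added example (not part of the original message, and not netfilter code): a Python check of the rule ordering discussed above, run over constructed `iptables -t nat -S POSTROUTING`-style lines. It models only first-match evaluation of -s, -p, --sport and --dport; the addresses 10.0.0.5 and 192.0.2.x, the sample rulesets and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

PROTO = {"6": "tcp", "47": "gre"}          # numeric forms used in the reply above
OPTS = {"-s": "src", "-p": "proto", "--sport": "sport", "--dport": "dport",
        "-j": "target", "--to-source": "to"}

# Constructed sample rulesets (documentation addresses, not from the thread).
RANGE_ONLY = "-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10-192.0.2.20"
PINNED_FIRST = "\n".join([
    "-A POSTROUTING -s 10.0.0.5/32 -o eth0 -p tcp -m tcp --dport 1723 -j SNAT --to-source 192.0.2.10",
    "-A POSTROUTING -s 10.0.0.5/32 -o eth0 -p gre -j SNAT --to-source 192.0.2.10",
    RANGE_ONLY,
])

def parse_rule(line):
    """Pick the handled match fields out of one `-A POSTROUTING ...` line."""
    tok = shlex.split(line)
    rule = dict.fromkeys(OPTS.values())
    for opt, val in zip(tok, tok[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = val
    rule["proto"] = PROTO.get(rule["proto"], rule["proto"])
    return rule

def first_match(rules, flow):
    """Return the first rule whose every match fits the flow (first match wins)."""
    for r in rules:
        if r["src"] and ipaddress.ip_address(flow["src"]) not in ipaddress.ip_network(r["src"], strict=False):
            continue
        if any(r[k] and r[k] != str(flow.get(k)) for k in ("proto", "sport", "dport")):
            continue
        return r
    return None

def nat_outcome(rule):
    """'no-nat', a single source address, or None when the result is not fixed."""
    if rule is None or rule["target"] == "ACCEPT":
        return "no-nat"
    if rule["target"] == "SNAT" and rule["to"] and "-" not in rule["to"]:
        return rule["to"]
    return None  # address range (or unhandled target): chosen per connection

def pptp_nat_consistent(ruleset, client):
    """True when 1723/tcp and GRE from `client` both get the same fixed outcome."""
    rules = [parse_rule(l) for l in ruleset.splitlines() if l.startswith("-A POSTROUTING")]
    ctrl = nat_outcome(first_match(rules, {"src": client, "proto": "tcp", "sport": 40000, "dport": 1723}))
    gre = nat_outcome(first_match(rules, {"src": client, "proto": "gre"}))
    return ctrl is not None and ctrl == gre
```

`pptp_nat_consistent(RANGE_ONLY, "10.0.0.5")` is False because both flows fall through to the address range; with `PINNED_FIRST` both are pinned to one address before the range rule is reached.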

Thread overview: 3+ messages
2004-05-05 12:44 NAT - HELP Slava (hotbox)
2004-05-06 12:34 ` John A. Sullivan III [this message]
2004-05-06 18:37   ` Alistair Tonner