[pptp-server] pptp vpn and masquerading

Gord Belsey gord at amador.ca
Thu Aug 10 15:01:17 CDT 2000


If I understand your problem correctly, try adding a rule to forward the
pptp clients without MASQ, and the other traffic through MASQ.

Since you're able to get pptp sessions running without MASQ, something like
this should do the trick:

ipchains -A forward -s <addr/mask of a pptp client subnet> -d <addr/mask of pptp server> -j ACCEPT
ipchains -A forward -s <addr/mask of the pptp server> -d <addr/mask of pptp client subnet> -j ACCEPT
ipchains -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j MASQ

This assumes that you don't want any pptp traffic MASQd and you want all
other traffic MASQd.  You can tweak it to better meet your needs, but it
should (at least in my head.....) work.

Hope this helps

Gord
----- Original Message -----
From: Larry Rivera <larrydog at coqui.net>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, August 10, 2000 8:33 AM
Subject: [pptp-server] pptp vpn and masquerading


> Hello:
>
> I have a dedicated connection to the internet using a linux server
> running kernel version 2.2.13. This server also is a member of a private
> lan in the normal firewall setup that is prevalent these days.
>
> I have successfully configured the joining of two remote locations via
> pptp tunnels and these have their own subnet assigned.  My problem is
> that since I had to turn off masquerading in the kernel config, (because
> my incoming connections were being masqueraded as the server's ethernet
> ip address creating problems for printing, etc.) now my outgoing clients
> cannot access the internet as before from behind this server (these
> clients have private ip numbers). I HAVE read all of the documentation
> out there but am still unsure of several issues.
> Is it possible to have the following setup?:
>
> 1. Masquerade outgoing connections for internet browsing from a private
> network behind firewall.
> 2. DO NOT Masquerade incoming pptp connections so that remote machines
> can access the applications server with their ip address intact.
>
> Has anyone seen a setup like this?
> Thanks
> LR
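The rule order suggested in the reply above, checked with a small first-match model of the ipchains forward chain. This is an added example, not part of the original thread; the subnets, addresses and helper names are constructed sample values, and the model only covers source/destination matching.

```python
import ipaddress

# Constructed sample addressing (assumptions, not from the thread).
PPTP_CLIENTS = "192.168.5.0/24"   # subnet assigned to the pptp clients
PPTP_SERVER = "192.168.1.10/32"   # the applications / pptp server
LAN = "192.168.1.0/24"            # private LAN behind the firewall
ANY = "0.0.0.0/0"

def rule(src, dst, target):
    """One forward-chain rule: source net, destination net, target."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), target)

def exempt_then_masq(protected):
    """The three rules from the reply, in the order they are appended."""
    return [
        rule(PPTP_CLIENTS, protected, "ACCEPT"),
        rule(protected, PPTP_CLIENTS, "ACCEPT"),
        rule(ANY, ANY, "MASQ"),
    ]

def verdict(chain, src, dst, policy="DENY"):
    """Target of the first rule matching src/dst; chain policy if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net_s, net_d, target in chain:
        if s in net_s and d in net_d:
            return target
    return policy

SUGGESTED = exempt_then_masq(PPTP_SERVER)
# Same rules with the catch-all MASQ appended first: it shadows the exemptions.
MISORDERED = [SUGGESTED[2], SUGGESTED[0], SUGGESTED[1]]
# Tweak: exempt the whole LAN (e.g. printers), not only the server address.
WIDENED = exempt_then_masq(LAN)

# Constructed sample flows: (source, destination).
FLOWS = {
    "client->server": ("192.168.5.20", "192.168.1.10"),
    "server->client": ("192.168.1.10", "192.168.5.20"),
    "client->lan-host": ("192.168.5.20", "192.168.1.50"),
    "lan-host->internet": ("192.168.1.50", "203.0.113.7"),
}

def evaluate(chain):
    """Verdict for every sample flow against the given chain."""
    return {name: verdict(chain, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for label, chain in (("suggested", SUGGESTED), ("misordered", MISORDERED),
                         ("widened", WIDENED)):
        print(label, evaluate(chain))
```

With the server given as a single address, pptp clients reaching any other LAN host still fall through to the MASQ rule; widening the exempted destination to the LAN subnet keeps their source addresses intact there as well.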