[pptp-server] NAT on firewall?

Nate Carlson natecars at real-time.com
Tue Feb 1 14:27:00 CST 2000


On Tue, 1 Feb 2000, Adam Haeder wrote:

> This question isn't about pptpd per se, but since it relates to the
> network setup, I thought I would ask it.
> I've currently got a Sparc machine running RedHat 6.0 with kernel 2.2.5
> doing ip forwarding/masquerading for about 30 users. It also does some
> ip forwarding from valid internet IPs through to non-routable
> (192.168.x.x) IPs. My question is this: in the current PoPToP HOWTO,
> they talk about setting up a firewall and a pptpd server behind it on a
> non-routable ip. The author then goes through setting up NAT using
> natadm to be able to forward GRE info through the firewall to the
> internal pptpd server, since it's the only ip redirector I know of that
> can handle non-tcp or udp traffic. 
> My question is this: can I use my existing masq box as this firewall?
> I'm concerned about trying to use both ip forwarding/masq and nat on the
> same box. Can it be done? I'm thinking the solution to my problem right
> now is to set up a separate firewall system that does nat and then set up
> an internal pptpd server. I was planning on keeping this solution down
> to one server, but it looks like I might not be able to.
> Any advice is appreciated!
>

Why do you need to use NAT? If the machine has a public IP address, pptpd
can be accessed via that. And since you will be assigning clients
non-routable IP addresses (I'm assuming), you do not need to translate
between your non-routable internals and the non-routable address you
assign them. You'll just need to do typical forwarding there. Unless, of
course, I misread your e-mail.

-- 
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




