[pptp-server] redhat 6.2 firewall to win2k forwarding problems

Ricky Bowen rbowen at magicstaff.com
Mon Nov 20 15:05:11 CST 2000


Hello all,

I'm having some trouble getting my RH Linux 6.2 firewall to forward to my
internal Win2k pptp server. I've pinpointed the problem at the firewall,
because clients that are on the internal network can connect fine to the
Win2k machine.

I'm testing this with a Win2k client. What happens is that it connects, but
authentication fails; to me that means that GRE is failing, right? I get
"Error 721: The remote computer is not responding."

My FW is set up as so:

ipchains:
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 1723:1723 -p 6 -j ACCEPT -l -i eth2
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 -p 47 -j ACCEPT -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 1723:1723 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 47 -j MASQ -l -i eth2

and my rc.local:
/usr/local/sbin/ipfwd --masq 172.16.1.250 47 &
/usr/sbin/ipmasqadm portfw -a -P tcp -L external-ip 1723 -R 172.16.1.250 1723

My kernel is set up with the following:

CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP_VERBOSE=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y

I have tested all the chains with ipchains -C. It seems that everything goes
through the external interface, eth2.

Thanks for the help!

Ricky
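
Added example, not part of the original message: a Python script that parses the four ipchains rules quoted above and reports, per chain, on which side TCP port 1723 (PPTP control) is matched and whether IP protocol 47 (GRE) is matched. The function names `parse_rule` and `pptp_coverage` are hypothetical, the parser handles only the options used in the post, and `external-ip` is the poster's placeholder.

```python
import shlex
# Rules from the post, wrapped lines rejoined; "external-ip" is the poster's placeholder.
RULES = """\
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 1723:1723 -p 6 -j ACCEPT -l -i eth2
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 -p 47 -j ACCEPT -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 1723:1723 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 47 -j MASQ -l -i eth2
"""
PROTO = {"tcp": 6, "udp": 17, "icmp": 1, "gre": 47}
FLAGS = {"-A": "chain", "-p": "proto", "-j": "target", "-i": "iface"}

def parse_rule(line):
    """Parse one ipchains rule line (only the options that appear in the post)."""
    tok = [t for t in shlex.split(line) if t != "-l"]  # -l (log) takes no argument
    rule, i = {}, 0
    while i < len(tok):
        opt = tok[i]
        if opt in FLAGS:
            rule[FLAGS[opt]] = tok[i + 1]
            i += 2
        elif opt in ("-s", "-d"):
            side = "src" if opt == "-s" else "dst"
            rule[side] = tok[i + 1]
            i += 2
            # ipchains puts an optional port or lo:hi range right after the address
            if i < len(tok) and not tok[i].startswith("-"):
                lo, sep, hi = tok[i].partition(":")
                rule[side + "_ports"] = (int(lo or 0), int(hi or 65535) if sep else int(lo))
                i += 1
        else:
            raise ValueError("unsupported option: " + opt)
    proto = rule.get("proto", "all").lower()
    rule["proto"] = PROTO.get(proto, int(proto) if proto.isdigit() else proto)
    return rule

def pptp_coverage(text):
    """Per chain: the side(s) on which TCP/1723 is matched, and whether protocol 47 is matched."""
    report = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        r = parse_rule(line)
        entry = report.setdefault(r["chain"], {"control": set(), "gre": False})
        entry["gre"] = entry["gre"] or r["proto"] == 47
        for side in ("src", "dst"):
            lo, hi = r.get(side + "_ports", (0, -1))
            if r["proto"] == 6 and lo <= 1723 <= hi:
                entry["control"].add(side)
    return report

if __name__ == "__main__":
    print(pptp_coverage(RULES))
```

For the posted rules, the input chain matches port 1723 as a destination port, while the forward chain matches it only as a source port on traffic from 172.16.1.250.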



