[pptp-server] How to set iptables to doesn't masquerade the VPN traffic?

George Vieira GeorgeV at citadelcomputer.com.au
Wed Dec 19 16:31:00 CST 2001


Make sure your vpn users are on the same IP range (subnet) as the local
users otherwise this will fail...
 
You need to put a rule which ACCEPTS anything from subnet to subnet on
interface ppp+, e.g.
 
INTSN="10.10.10.0/24"
VPNDEV="ppp+"
EXTDEV="eth1"
/sbin/ipchains -A input -i $VPNDEV -s $INTSN    -d $INTSN  -j ACCEPT
/sbin/ipchains -A forward -i $EXTDEV -s $INTSN  -d $INTSN  -j MASQ

These rules are what I use.. the input is only there because I block
everything coming in... otherwise not needed as I'm using the "-i $EXTDEV"
option to masq only the packets going to the internet, NOT the vpn....
 
should be right..
 
If this doesn't work I'll need your iptables rules or ipchains rules to see
what you're doing....


thanks, 
George Vieira 
Systems Manager 
Citadel Computer Systems P/L 

-----Original Message-----
From: Bruno Negrão [mailto:bnegrao at engepel.com.br]
Sent: Thursday, 20 December 2001 3:29 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN
traffic?


Hi, since everyone here works with pptp, somebody should have solved this
problem:
 
My pptpd server is a linux 2.4.x kernel with two interfaces (external and
internal). I set it to masquerade the outgoing traffic, but I don't want to
masquerade the outgoing vpn traffic passing through the ppp0 interface. It
has got to be, instead, forwarded with its original source addresses.
 
Could someone show me the iptables rules to make it work? (tips in routing
would be appreciated too).
 
thank you,
-------------------------------------------------
 -- Bruno Negrão -- Suporte
 -- Plugway Acesso Internet Ltda.
 -- (31)34812311
 -- bnegrao at plugway.com.br <mailto:bnegrao at plugway.com.br> 
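
An added example, not part of the original thread: the reply's two ipchains rules expressed for iptables (which the question asked about), plus a check that flags any MASQUERADE rule not tied to the external interface. It reuses the reply's variable values; the function names, the sample `iptables-save` lines and the default-drop FORWARD policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Variable values reuse the reply's.
INTSN="10.10.10.0/24"   # subnet shared by LAN and VPN users
VPNDEV="ppp+"           # "+" matches every pppN interface
EXTDEV="eth1"           # Internet-facing interface

# Print iptables equivalents of the two ipchains rules. FORWARD rules are
# added because iptables INPUT only sees packets addressed to the box itself
# (assumes a default-drop FORWARD policy; they are unnecessary otherwise).
emit_rules() {
    echo "iptables -A INPUT -i $VPNDEV -s $INTSN -d $INTSN -j ACCEPT"
    echo "iptables -A FORWARD -i $VPNDEV -s $INTSN -d $INTSN -j ACCEPT"
    echo "iptables -A FORWARD -o $VPNDEV -s $INTSN -d $INTSN -j ACCEPT"
    # NAT only what leaves through the external interface. Unlike the
    # reply's MASQ rule there is no "-d $INTSN" match, so Internet-bound
    # packets are the ones rewritten.
    echo "iptables -t nat -A POSTROUTING -o $EXTDEV -s $INTSN -j MASQUERADE"
}

# Read `iptables-save -t nat` output on stdin and print every POSTROUTING
# MASQUERADE rule that is not pinned to interface $1 with a plain "-o".
# Such rules also rewrite the source of packets leaving through ppp+.
# Exit status is 1 when at least one rule is flagged, 0 otherwise.
audit_masq() {
    awk -v ext="$1" '
        /^-A POSTROUTING / && / -j MASQUERADE/ {
            pinned = 0
            for (i = 2; i < NF; i++)
                if ($i == "-o" && $(i + 1) == ext && $(i - 1) != "!")
                    pinned = 1
            if (!pinned) { print; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed samples of `iptables-save -t nat` lines.
GOOD='-A POSTROUTING -s 10.10.10.0/24 -o eth1 -j MASQUERADE'
BAD='-A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE'

emit_rules
printf '%s\n%s\n' "$GOOD" "$BAD" | audit_masq "$EXTDEV" \
    || echo "^ flagged: would also masquerade traffic leaving via $VPNDEV"
```

On a live gateway the audit reads the real table with `iptables-save -t nat | audit_masq eth1`.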