[pptp-server] How to set iptables to doesn't masquerade the VPN traffic?

Joe Polcari Joe at Polcari.com
Fri Dec 21 00:22:27 CST 2001 

Bruno,

I,m sorry, I can't follow your diagram, but from what you said after it,
maybe this will work:

You need to put the acceptance rule before the masquerade rule in the nat
table, like so:

iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -d 192.168.14.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE

let me know if this doesn't work.

Joe

Bruno Negrão wrote:

> >
> > What are the ip addresses, interfaces and are you using ipchains or
> > iptables or what?
> I'm sorry. I'm using iptables.
>
> My network is:
>
> 192.168.50.1| PPTPD server |200.251.30.1 --------------------- 200.230.2.2 |
> PPTPd client (NT)|192.168.0.1
>
> \-----------------------------------------------------------------/
>                                                           pptp tunnel on net
> 192.168.14.0
> My clients in network 192.168.50/24 must be masqueraded when connecting the
> internet but must be just forwarded when connecting with the 192.168.0.0/24
> network.
>
> >
> >
> > Bruno Negrão wrote:
> >
> > > Hy, since everyone here works with pptp somebody should have solved
> > > this problem: My pptpd server is a linux 2.4.x kernel with two
> > > interfaces (external and internal). I set it to masquerade the
> > > outgoing traffic, but I don't want to masquerade the outgoing vpn
> > > traffic passing through the ppp0 interface. It has got to be, instead,
> > > forwarded with its original source addresses. Could someone show me
> > > the iptables rules to make it work? (tips in routing would be
> > > appreciated too). thank
> > > you,-------------------------------------------------
> > >  -- Bruno Negrão -- Suporte
> > >  -- Plugway Acesso Internet Ltda.
> > >  -- (31)34812311
> > >  -- bnegrao at plugway.com.br
> >
> ¦>i±êïz¹sSYb²Úi¶>
®÷«-+-²Ç!º[^¢¸!¶ÚþX¬¶Ë
?émzSàþf¢-f§þX¬¶)ߣúi¶>
®÷«N<§²æìr
> ¸>z
> > -¢Ø^º¹cºËZn<Þ¶¬-)Þ
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

More information about the pptp-server mailing list