[pptp-server] pptp masquerade document needed for 2.4.x based firewal

Jamin Collins JaminC at adapt-tele.com
Tue Jul 17 07:07:15 CDT 2001


Gill, Vern [mailto:vgill at technologist.com] wrote:
> None of the netfilter modules will load correctly, or at all for that
> matter, once the ipchains module is loaded. The ipchains module is
> provided solely for backwards compatibility with ipchains scripts. It
> will not allow for any type of port forwarding with ipfwadm or
> ipmasqadm. In order to do port forwarding with netfilter, you need to
> re-write your scripts to utilize iptables. If you post the port
> forwarding portion of your script, you will probably get some 
> assistance with equivalent iptables commands. In fact, you may even 
> request to post and have your ipchains script reviewed and 
> suggestions made to convert to iptables. That being said, do not expect 
> to just post the script and have someone send you a new iptables script. 

I would like to direct anyone looking to make the transition from ipchains
to iptables to my firewall script.  I believe this script will handle most
common configurations, and I would be happy to hear of a configuration that
it doesn't work in.  Suggestions and updates to the script are always
welcome.  It can be found at http://www.asgardsrealm.net/linux/firewall.

> Additionally, you cannot currently have multiple outgoing pptp
> sessions. At least not that I am aware of, and someone PLEASE correct
> me if I am wrong, cuz I need this too.

You can have multiple outgoing connections with netfilter/iptables.  The
problem is that PoPToP cannot handle multiple incoming connections from
the same source IP as it abides by the RFC that indicates the server should
not do this.  So, if you have a need for multiple clients behind one
firewall to connect to the same PoPToP server, then you have a problem.
Otherwise all is well.

Jamin W. Collins
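
The port-forwarding rewrite discussed in this thread, as an added example that is not part of the original message and is not taken from the firewall script linked above: it prints iptables rules that forward PPTP (TCP 1723 control channel plus GRE, IP protocol 47) to an internal server, and refuses to apply them while the ipchains compatibility module is loaded. The interface name `eth0` and the server address `192.168.1.10` are assumed values.

```shell
#!/bin/sh
# Added example: iptables replacement for an ipmasqadm/ipchains PPTP forward.
# EXT_IF and PPTP_SERVER are assumed values, not taken from the thread.
EXT_IF="${EXT_IF:-eth0}"                    # assumed external interface
PPTP_SERVER="${PPTP_SERVER:-192.168.1.10}"  # assumed internal PPTP server

# Print the rules: DNAT the PPTP control channel and GRE to the server,
# allow only that traffic (plus replies) through FORWARD, masquerade outbound.
pptp_rules() {
    ext_if="$1"; server="$2"
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport 1723 -j DNAT --to-destination $server:1723
iptables -t nat -A PREROUTING -i $ext_if -p 47 -j DNAT --to-destination $server
iptables -A FORWARD -i $ext_if -d $server -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i $ext_if -d $server -p 47 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
EOF
}

# Succeed if the ipchains module appears in a /proc/modules-style file ($1).
# While it is loaded, the netfilter modules the rules above need will not load.
ipchains_loaded() {
    grep -q '^ipchains[[:space:]]' "$1"
}

case "${1:-print}" in
    apply)
        if ipchains_loaded /proc/modules; then
            echo "ipchains module is loaded; unload it (rmmod ipchains) first" >&2
            exit 1
        fi
        # Stop at the first rule that fails so a partial rule set is noticed.
        pptp_rules "$EXT_IF" "$PPTP_SERVER" | sh -e
        ;;
    *)
        # Default: only print the rules so they can be reviewed before use.
        pptp_rules "$EXT_IF" "$PPTP_SERVER"
        ;;
esac
```

Run without arguments to review the generated rules; `apply` requires root and a kernel with the netfilter NAT and state-match modules available.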


