Solved

I am currently running a Linux Firewall with NAT.  I can't get OUTGOING VPN traffic to work.  I am using IPTABLES for my incoming VPN traffic to an internal server, that works fine.  Can anyone help?

Posted on 2003-11-19
4
403 Views
Last Modified: 2010-03-18
I am currently running a Linux Firewall with NAT.  I can't get OUTGOING VPN traffic to work.  I am using IPTABLES for my incoming VPN traffic to an internal server, that works fine.  Can anyone help?  Here are the iptables commands for my forwarding to the internal VPN server.  This is for people outside the location to VPN into.  Our people also need to VPN to an external VPN server, not VPN server - VPN server.


iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1701 -j DNAT --to 192.168.1.2:1701
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1723 -j DNAT --to 192.168.1.2:1723
iptables -A PREROUTING -t nat -p gre -d 38.119.240.14 -j DNAT --to 192.168.1.2

Ken Hammond

0
Comment
Question by:kenham40
  • 2
4 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9783979
check this post, u might get clear idea what is goin bad.
http://www.experts-exchange.com/Operating_Systems/Linux/Q_20700242.html
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9784005
0
 

Author Comment

by:kenham40
ID: 9787945
Ok, I read through both of those but still have yet to see where someone had the problem I am having.  My linux server (firewall/router) has three nics.  eth0 is going to my cisco 2600 router which has a T1 line hooked in.  eth1 goes to our private network, gateway being 192.168.10.1.  eth2 goes to our subleases private network at 192.168.1.1.  The problem I am having is that say they are on 192.168.1.4 as an IP address (they are using DHCP), they can't get out using win2k's VPN PPTP client to a VPN server somewhere else. Yesterday I DID however setup a VPN server on 192.168.1.2, did some port forwarding and GRE and INCOMING VPN traffic to that server works wonderfully.  So my question is, how do I get their win2k VPN clients to be able to connect to an external VPN server?
0
 
LVL 4

Accepted Solution

by:
Jivko earned 500 total points
ID: 9824545
You need not only destination NAT :
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1701 -j DNAT --to 192.168.1.2:1701
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1723 -j DNAT --to 192.168.1.2:1723
iptables -A PREROUTING -t nat -p gre -d 38.119.240.14 -j DNAT --to 192.168.1.2

,
but source NAT:

iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 --dport 1701 -j SNAT --to-source 38.119.240.14:1701
iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24--dport 1723 -j SNAT --to-source 38.119.240.14:1723
iptables -A POSTROUTING -t nat -p gre -s 192.168.1.0/24 -j SNAT --to-source 38.119.240.14
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CPU#7 stuck for 22s! 4 289
Help instaling linux on vmware 36 85
linux 2 101
Set linux box as ip router 3 23
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question