Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I am currently running a Linux Firewall with NAT.  I can't get OUTGOING VPN traffic to work.  I am using IPTABLES for my incoming VPN traffic to an internal server, that works fine.  Can anyone help?

Posted on 2003-11-19
4
Medium Priority
?
412 Views
Last Modified: 2010-03-18
I am currently running a Linux Firewall with NAT.  I can't get OUTGOING VPN traffic to work.  I am using IPTABLES for my incoming VPN traffic to an internal server, that works fine.  Can anyone help?  Here are the iptables commands for my forwarding to the internal VPN server.  This is for people outside the location to VPN into.  Our people also need to VPN to an external VPN server, not VPN server - VPN server.


iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1701 -j DNAT --to 192.168.1.2:1701
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1723 -j DNAT --to 192.168.1.2:1723
iptables -A PREROUTING -t nat -p gre -d 38.119.240.14 -j DNAT --to 192.168.1.2

Ken Hammond

0
Comment
Question by:kenham40
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9783979
check this post, u might get clear idea what is goin bad.
http://www.experts-exchange.com/Operating_Systems/Linux/Q_20700242.html
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9784005
0
 

Author Comment

by:kenham40
ID: 9787945
Ok, I read through both of those but still have yet to see where someone had the problem I am having.  My linux server (firewall/router) has three nics.  eth0 is going to my cisco 2600 router which has a T1 line hooked in.  eth1 goes to our private network, gateway being 192.168.10.1.  eth2 goes to our subleases private network at 192.168.1.1.  The problem I am having is that say they are on 192.168.1.4 as an IP address (they are using DHCP), they can't get out using win2k's VPN PPTP client to a VPN server somewhere else. Yesterday I DID however setup a VPN server on 192.168.1.2, did some port forwarding and GRE and INCOMING VPN traffic to that server works wonderfully.  So my question is, how do I get their win2k VPN clients to be able to connect to an external VPN server?
0
 
LVL 4

Accepted Solution

by:
Jivko earned 1500 total points
ID: 9824545
You need not only destination NAT :
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1701 -j DNAT --to 192.168.1.2:1701
iptables -t nat -A PREROUTING -p udp -d 38.119.240.14 --dport 1723 -j DNAT --to 192.168.1.2:1723
iptables -A PREROUTING -t nat -p gre -d 38.119.240.14 -j DNAT --to 192.168.1.2

,
but source NAT:

iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24 --dport 1701 -j SNAT --to-source 38.119.240.14:1701
iptables -t nat -A POSTROUTING -p udp -s 192.168.1.0/24--dport 1723 -j SNAT --to-source 38.119.240.14:1723
iptables -A POSTROUTING -t nat -p gre -s 192.168.1.0/24 -j SNAT --to-source 38.119.240.14
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question