Link to home
Start Free TrialLog in
Avatar of Phil_sotprod
Phil_sotprod

asked on

PPTPD and Iptables mapping issue

Hi,

I'm trying to get a VPN system seup with poptop (http://www.poptop.org/). It's all configured and working fine using the boxes main IP as the main IP for all the VPNs, however we want to map each of the internal IPs to a unique (or a couple of accounts per) external IP. We want to do this via iptables and came up with the attached IP tables script.

However it doesn't seem to work, when run the user can login to the VPN but not get a line to the outside world.

Attached it the script. I've partialy obscured the external IP the script itself doesn't contain xxx.xxx but the actually ip addreses 
#!/bin/sh
 
# Flush all rules
 
iptables -F
 
iptables -X
 
iptables -Z
 
# Allow all VPN stuff
 
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 
iptables -A INPUT -p 47 -j ACCEPT
 
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
 
iptables -A OUTPUT -p 47 -j ACCEPT
 
iptables -A FORWARD -i ppp0 -o eth0 -s 192.168.0.10/24 -m state --state NEW -j ACCEPT
 
iptables -t nat -A PREROUTING -i eth0 -d xxx.xxx.20.111 -j DNAT --to-destination=192.168.0.101
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.101 -j SNAT --to-source=xxx.xxx.20.111
 
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of AleksandarS
AleksandarS
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Phil_sotprod
Phil_sotprod

ASKER

Yeah thanks I've already set that.

it's set in the pptpd startup script
SOLUTION
Avatar of Arty K
Arty K
Flag of Kazakhstan image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial