asked on

Iptables router PPTP passthrough

I have a fedora box as my local firewall/router. It works except that I can't create a pptp vpn conection from inside the firewall.

*nat
:PREROUTING ACCEPT [196:12281]
:POSTROUTING ACCEPT [8:496]
:OUTPUT ACCEPT [8:496]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.2.3
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.2.4
-A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
COMMIT
 
*mangle
:PREROUTING ACCEPT [3901:2059623]
:INPUT ACCEPT [255:44225]
:FORWARD ACCEPT [3646:2015398]
:OUTPUT ACCEPT [117:13070]
:POSTROUTING ACCEPT [3763:2028468]
COMMIT
 
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:STATEFUL - [0:0]
-A INPUT -i ALL -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j STATEFUL
-A FORWARD -d 10.0.2.3/32 -i eth0 -o eth2 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -d 10.0.2.4/32 -i eth0 -o eth2 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j STATEFUL
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -j STATEFUL
-A STATEFUL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A STATEFUL -m state --state NEW -j ACCEPT
-A STATEFUL -j DROP
COMMIT

Open in new window

SOLUTION

Blaz

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mrjd420

ASKER

Not sure why I didn't mention trying that or something similar to it. However, I have tried and tried again those exact same steps and I had the same results. It starts to make a connection, gets to the "verifying username and password" then disconnects with a 619 error.

ASKER CERTIFIED SOLUTION

stefanx