I have a site with the iptables rules below (12/3/07 I added)
currently
the firewall is set to forward all tcp:1723 and all GRE to the
internal
VPN server.
However they need one PC inside the org connect to a outside VPN I
added
the rules (12/3/07) hoping to add a special case whereby any tcp:1723
and GRE from STRATOS_SERVER(12.23.94.89) should be forwarded to the
STRATOS_CLIENT PC. However my iptables logic doesn't seem to add up
can anyone shed some light to what might be the hang up?
VPN_SERVER_IP=192.168.0.62
STRATOS_CLIENT=192.168.0.31
STRATOS_SERVER=12.23.94.89
#
# incoming from home to our VPN added 22/1/06
#
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j
DNAT --to ${VPN_SERVER_IP}:1723
iptables -A FORWARD -p tcp -d ${VPN_SERVER_IP} --dport 1723 -o eth1 -j
ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${OUTSIDE_IP} -j DNAT --to
${VPN_SERVER_IP}
iptables -A FORWARD -p 47 -d ${VPN_SERVER_IP} -o eth1 -j ACCEPT
#
# outgoing to stratos VPN added 12/3/07
#
iptables -A PREROUTING -t nat -p tcp -d ${STRATOS_SERVER} --dport 1723
-j DNAT --to ${STRATOS_CLIENT}:1723
iptables -A FORWARD -p tcp -d ${STRATOS_CLIENT} --dport 1723 -o eth1 -
j
ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${STRATOS_SERVER} -j DNAT --to
${STRATOS_CLIENT}
iptables -A FORWARD -p 47 -d ${STRATOS_CLIENT} -o eth1 -j ACCEPT
