HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Thread: Forwarding port 1723 debian >> Windoze 2003 (http://www.howtoforge.com/forums/showthread.php?t=31321)

mdk 14th February 2009 12:42

Forwarding port 1723 debian >> Windoze 2003
 
I have a server with Shorewall 3.2.6 on Etch and a Squid, filtering all internet traffic from the local network. In brief: we are withdrawing a 2003 server which allowed users to connect from home over VPN; while everything that used to be on it is migrated to SQL/MySQL, I have to keep accepting VPN connections. The question is this: if I redirect port 1723 (which is now used for the VPN connections against the 2003 server) to the Debian server, could all the requests on port 1723 be redirected to the 2003 machine through Shorewall, so that the lusers who still use the 2003 connections carry on as if nothing had happened? I have been testing a little with DNAT and REDIRECT, but it does not work for me. The truth is that I am slightly concerned about the security of this 2003 VPN login passing through Shorewall, so I could filter on public IPs without problem and DROP the rest.


Debian Etch Server:

eth1 192.168.2.92 >> corporate network (linux)
eth2 192.168.1.92 >> internet | Windoze corporate network and the 2003 VPN server with pptp

Windoze 2003

eth1 192.168.1.120
eth2 192.168.2.72

/etc/shorewall/rules

# Accept public IP's

ACCEPT net:85.xx.xx.xxx fw tcp 22
ACCEPT net:85.xx.xx.xxx fw tcp 1723
ACCEPT net:85.xx.xx.xxx fw udp 1723

# DNAT

DNAT net loc:192.168.2.72 tcp 1723 --
DNAT net loc:192.168.2.72 udp 1723 --

When I apply this rule I cannot connect; the result is 'Modem Hungup'.

If instead (and wrongly) I put in the DNAT rules:

# DNAT net loc:192.168.2.72 tcp 1723 --
# DNAT net loc:192.168.2.72 udp 1723 --
DNAT net loc:192.168.1.120 tcp 1723 --
DNAT net loc:192.168.1.120 udp 1723 --

syslog gives me a message of "forwarding/reject", and forwarding within the same network range is incorrect, for example 192.168.1.92 (Debian) to 192.168.1.120 (Windoze). But if I set the DNAT from 192.168.1.92 to 192.168.2.72, syslog does not complain, yet the end result is 'Hangup' from kvpnc and I cannot connect... Maybe it is better to try and resolve the issue directly with iptables, if it cannot actually be done through Shorewall?

Port 1723 on the router points to eth2 (192.168.1.92) of the Debian server.

thanks
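A Shorewall rules fragment for the layout described in the post, added here as an example and not the poster's own configuration. PPTP consists of a TCP 1723 control connection plus a GRE tunnel (IP protocol 47, no port number); if only port 1723 is forwarded, the control channel comes up but the tunnel never does, and the client typically reports a hangup. The 85.xx.xx.xxx placeholder and the 192.168.2.72 target are taken from the post; restricting the SOURCE column to the trusted public address keeps everything else from the net zone on the zone policy (DROP).

```shorewall
#ACTION   SOURCE             DEST               PROTO   DEST PORT(S)
# PPTP control channel, only from the trusted public address
DNAT      net:85.xx.xx.xxx   loc:192.168.2.72   tcp     1723
# GRE carries the PPTP tunnel itself; it has no port, so only PROTO is given
DNAT      net:85.xx.xx.xxx   loc:192.168.2.72   gre
# Anything else from net falls through to the net->loc policy (DROP)
```

Replies from 192.168.2.72 must route back out through the Debian host, otherwise the DNAT translation is never reversed and the client still sees a half-open tunnel.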

