mdk, 14th February 2009, 13:42

Forwarding port 1723 debian >> Windoze 2003

I have a server with shorewall 3.2.6 on Etch and squid, filtering all internet traffic from the local network. In a brief withdraws 2003 which allowed users connect from home VPN fails while but everything that used to migrate to SQL MYSQL I have to accept VPN connections operating ...

The subject is: if you redirect port 1723 (which is now used for VPN connections against 2003) to the Debian server, could you make all the requests on port 1723 redirect to the 2003 machine through shorewall, so that lusers can still use the connections to 2003 as they have so far, as if nothing had happened? I have been testing a little with DNAT and REDIRECT, and it does not work for me. But the truth is that I am slightly concerned about the issue of security and the VPN login of this 2003 through shorewall, so it could filter public IPs with no problem and DROP the rest.


Debian Etch Server:

eth1 192.168.2.92 >> corporate Linux network
eth2 192.168.1.92 >> internet | Windoze corporate network and a 2003 VPN server with pptp

Windoze 2003:

eth1 192.168.1.120
eth2 192.168.2.72

/etc/shorewall/rules

# Accept public IP's

ACCEPT net:85.xx.xx.xxx fw tcp 22
ACCEPT net:85.xx.xx.xxx fw tcp 1723
ACCEPT net:85.xx.xx.xxx fw udp 1723

# DNAT

DNAT net loc:192.168.2.72 tcp 1723 --
DNAT net loc:192.168.2.72 udp 1723 --

When I apply this rule I cannot connect; the result is 'Modem Hungup'.

If, on the contrary (and wrongly), I put in the DNAT rules:

# DNAT net loc:192.168.2.72 tcp 1723 --
# DNAT net loc:192.168.2.72 udp 1723 --
DNAT net loc:192.168.1.120 tcp 1723 --
DNAT net loc:192.168.1.120 udp 1723 --

syslog gives me a message of 'forwarding / reject', and forwarding within one network range is incorrect, for example 192.168.1.92 (Debian) to 192.168.1.120 (Windoze). But with DNAT from 192.168.1.92 to 192.168.2.72 the syslog does not complain, yet the end result is 'Hangup' from kvpnc and I cannot connect ... Maybe it is better to try and resolve the issue directly with iptables, if it cannot actually be done through shorewall ....

port 1723 points to the router eth2 192.168.1.92 server debian

thanks
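
An added example, not part of the original post: a small Python check over Shorewall rules of the form shown above. PPTP carries its control channel on TCP 1723 and its tunnel data in GRE (IP protocol 47), so a DNAT for tcp 1723 with no matching protocol-47 DNAT to the same host forwards the login but not the tunnel, and udp 1723 plays no part. The names `parse_rules` and `lint_pptp` and the sample rules are constructed for illustration, and the ACTION SOURCE DEST PROTO PORT column order is assumed.

```python
# Added example: lint Shorewall rules for a PPTP port-forward.
# Assumption: columns are ACTION SOURCE DEST PROTO DEST-PORT, as in the post.

# Constructed sample modelled on the DNAT rules quoted in the post.
SAMPLE_RULES = """\
# Accept public IP's
ACCEPT net:85.xx.xx.xxx fw tcp 22
DNAT net loc:192.168.2.72 tcp 1723
DNAT net loc:192.168.2.72 udp 1723
"""

GRE = {"47", "gre"}  # GRE may be written by number or by name


def parse_rules(text):
    """Yield (action, source, dest, proto, dport) for each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split()
        cols += ["-"] * (5 - len(cols))  # pad omitted trailing columns
        yield tuple(cols[:5])


def lint_pptp(text):
    """Return a list of findings about PPTP forwarding in the given rules."""
    findings = []
    control, gre = set(), set()
    for action, _src, dest, proto, dport in parse_rules(text):
        if not action.upper().startswith("DNAT"):
            continue
        proto = proto.lower()
        ports = dport.split(",")
        if proto == "tcp" and "1723" in ports:
            control.add(dest)
        elif proto in GRE:
            gre.add(dest)
        elif proto == "udp" and "1723" in ports:
            findings.append(f"udp 1723 DNAT to {dest}: PPTP does not use UDP")
    for dest in sorted(control - gre):
        findings.append(
            f"tcp 1723 DNAT to {dest} has no matching GRE (protocol 47) DNAT")
    return findings


if __name__ == "__main__":
    for finding in lint_pptp(SAMPLE_RULES):
        print(finding)
```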