Forwarding port 1723 debian >> Windoze 2003

Discussion in 'Server Operation' started by mdk, Feb 14, 2009.

  1. mdk

    mdk New Member

    I have a server with shorewall 3.2.6 Etch and a squid, filtering all internet traffic from the local network, in a brief withdraws 2003 which allowed users connect from home VPN fails while but everything that used to migrate to SQL MYSQL I have to accept VPN connections operating ... The subject is this: if you redirect port 1723 (which is now used for VPN connections against 2003) to the Debian server, could you make all the requests on port 1723 redirect to the 2003 machine through shorewall, so that lusers can still use the connections to 2003 as they have so far, as if nothing had happened? I have been testing a little with DNAT and REDIRECT and it does not work for me ... but the truth is that I am slightly concerned about the issue of security and the VPN of this 2003 by shorewall login ... so it could filter public IPs with no problem and the rest ... DROP

    Debian Etch Server:

    eth1>> corporative network linux
    eth2>> internet | Windoze corporative network and a VPN server with pptp 2003

    Windoze 2003


    /etc/shorewall/rules

    # Accept public IP's

    ACCEPT net: fw tcp 22
    ACCEPT net: fw tcp 1723
    ACCEPT net: fw udp 1723

    # DNAT

    DNAT net loc: tcp 1723 --
    DNAT net loc: udp 1723 --

    When I apply this rule I cannot connect; the result is 'Modem Hungup'.

    If, on the contrary (and wrongly), I put in the DNAT rules:

    # DNAT net loc: tcp 1723 --
    # DNAT net loc: udp 1723 --
    DNAT net loc: tcp 1723 --
    DNAT net loc: udp 1723 --

    syslog gives me a msg of 'forwarding / reject', and to make forwarding within a network range is incorrect, for example (Debian) to (Windoze), but if posted on to DNAT the syslog does not complain, but the end result is 'Hangup' from kvpnc, can not connect ... Maybe better to try and resolve the issue directly with iptables? if not actually through shore can do ....

    port 1723 points to the router eth2 server debian
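
The rules posted above forward only TCP and UDP 1723, while PPTP uses TCP 1723 for control and carries the tunnel itself over GRE (IP protocol 47). The following Python check is an added example, not part of the original post: it lints Shorewall DNAT rules for that gap. The function names and every address in the samples are constructed for illustration.

```python
# Added example: lint Shorewall DNAT rules that forward PPTP.
# Addresses are constructed placeholders, not values from the post.

AS_POSTED = """
DNAT net loc: tcp 1723 --
DNAT net loc: udp 1723 --
"""

TCP_ONLY = "DNAT net loc:192.168.1.10 tcp 1723\n"

CORRECTED = """
# control channel and GRE tunnel, limited to one known public source
DNAT net:203.0.113.5 loc:192.168.1.10 tcp 1723
DNAT net:203.0.113.5 loc:192.168.1.10 47
"""

def parse_rules(text):
    """Yield (action, source, dest, proto, port) for each rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            fields += ["-"] * (5 - len(fields))  # GRE rules have no port column
            yield tuple(f.lower() for f in fields[:5])

def lint_pptp(text):
    """Return findings for DNAT rules that are meant to forward PPTP."""
    rules = [r for r in parse_rules(text) if r[0].startswith("dnat")]
    gre_dests = {dest for _, _, dest, proto, _ in rules if proto in ("47", "gre")}
    findings = []
    for _, _, dest, proto, port in rules:
        host = dest.partition(":")[2]
        if port == "1723" and not host:
            findings.append(f"{proto}/1723: destination '{dest}' has no host address")
        if proto == "udp" and port == "1723":
            findings.append("udp/1723: PPTP does not use UDP, rule is unnecessary")
        if proto == "tcp" and port == "1723" and host and dest not in gre_dests:
            findings.append(f"tcp/1723 -> {dest}: no DNAT for GRE (protocol 47)")
    return findings

if __name__ == "__main__":
    for name, sample in (("as posted", AS_POSTED), ("tcp only", TCP_ONLY),
                         ("corrected", CORRECTED)):
        print(name, lint_pptp(sample) or "ok")
```
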

