It was sooooo simple ! Just use [iptables] ipchains to setup the rules and we have a nice passthrough !
THANKS a lot, everything works perfectly now ! Greg > Hi Gregiore, > > Gregoire Hostettler wrote: > > Thank you, Brendan, > > > > This is a good starting point. > > > > But will this package implement GRE (port 47) ? Just because I need to > > install the Linmux box as a firewall. > > In fact it is already a fw. What I need is just to make VPN encapsulated > > packets to go through the firewall to the VPN server which is located > > in the inside LAN. > > If all you want to do is forward PPTP packets to an internal (public IP) > PPTP VPN server that's easy. Under kernel 2.4: > > # For the initial PPTP authentication > iptables -A INPUT -p TCP -s <your VPN server> --dport 1723 -j ACCEPT > iptables -A INPUT -p TCP -d <your VPN server> --sport 1723 -j ACCEPT > > # Then for forwarding GRE > iptables -A INPUT -p 47 -s <your VPN server> -j ACCEPT > iptables -A INPUT -p 47 -d <your VPN server> -j ACCEPT > > If you want to masquerade PPTP packets to an internal (private IP) PPTP > server then read this howto: > > http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html > > However, this only covers kernels 2.0 and 2.2. I haven't tried doing > this under 2.4 yet. > > > > > And do I need samba ? I want to keep my Debian fw with as few daemons as > > possible, as you can guess ;-) > > > > You only need Samba if you want to provide Windows file and printer > sharing on the firewall itself. PPTP does not require Samba. > > > Anyway THANK YOU for your help ! > > No problems. Hope this helps! > > Brendan > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]