[lug] iptables/PPTP VPN question...

Rob Peacock rob at rmpg.org
Mon Mar 11 21:08:35 MST 2002

Have a question for you all. Here's my situation. I have an XP laptop
sitting on a private IP LAN, going through an iptables NAT firewall,
through the Internet to a VPN server with a public IP.

XP Laptop  -->  Cisco 4000  -->  Firewall  -->  Internet  -->  VPN Server
    eth1  xx.xx.xx.xx    eth0  xx.xx.xx.xx

The XP laptop is using M$'s built-in PPTP client. I have no choice in this,
it's my wife's employer that insists on it, and they are willing to do zip
to help support anyone not using a real IP directly on the 'net.

The Cisco 4000 is doing nothing but straight routing of a /24 and 3 /30s.

The firewall is RH 7.2 with a custom 2.4.7-10 kernel, all networking
support is compiled in, so no modules.

iptables is v 1.2.3

I am only using the firewall for NAT right now; there are no other rules on
it, and I can't get the GRE packets to traverse through the NAT.

I have tried to find HOWTOs and FAQs for this but most suggest
recompiling the kernel with a dozen patches, and a half-dozen patches
applied to ipchains. I would prefer to go with iptables as it has already
been announced that ipchains will no longer be supported in kernel 2.6 and
above. (The way things move, that'll probably mean next year.)

I can provide more info, including tcpdump traces, if needed.

Thanks all,


Linux RedHat: The Ultimate NT Service Pack

