Win2000 PPTP behind IPTables
 

Hey all,

I currently have a 2000 DC that is now going to act as a PPTP server (I know, but until Samba comes out with Group Policies I am stuck). It is all configured and ready to go. I tested it internally and everything works. Now my problem is that I can't connect to it from the outside world through a RedHat 7.2 IPTables firewall.

These are the rules I have added. Keep in mind I am fairly new to IPTables. I will be eventually going to 9.0, but for now, this is what I got:

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -d <external IP> --dport 1723 -j DNAT --to-destination 192.168.0.5:1723
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.0.5 --destination-port 1723 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -d <external IP> --dport 47 -j DNAT --to-destination 192.168.0.5:47
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.0.5 --destination-port 47 -j ACCEPT

eth0 is external and eth1 is internal. No DMZ. Don't need it.

Everything else is working the very best. Just to know, the command to restart iptables is , service iptables restart right? Nothing else to enter?

Thanks all for the help.

Kevin

It is protocol 47 not port 47. gre is another name for protocol 47

iptables -t nat -A PREROUTING -i eth0 -p 47 -j DNAT --to-destination 192.168.0.5
iptables -A FORWARD -p gre -d 192.168.0.5 -j ACCEPT

is the correct command. If the current rules were not saved then restarting will only reload the old ones.

Thanks michaelk,

I am sorry I didn't write in sooner, I have been soooo busy. That worked 100%. Thanks a lot.