Have you tried this setup already under 2.2? I used to have a masquerading firewall, connected to my cable modem. Behind that, I had a Windows machine using Aventail Autosocks to authenticate (and encrypt?) with my company's server. From that Windows box, behind my firewall, I could access everything that I was supposed to be able to on my company's LAN. From any other box on the private network that my Windows machine was on, my company's LAN was just plain unavailable. No MAC address manipulation (other than what is the default for routing or whatever) was required of me.

So, if you've tried to connect like this, but failed, then first try (TEMPORARILY!!!) removing all rules that refuse port connections or forwarding packets coming in to your private network or going out of it. Make sure masquerading is still enabled. If you find that you can then use your VPN from behind your "firewall", then you need to revise the rules to allow whatever packets are normally refused by your firewalling rules. For that, you'll have to seek the help of others, as I'm still trying to figure this stuff out myself; but this much I know.

On Thursday 25 January 2001 09:09, TooMany wrote:
> I need to work with a vpn program under windoze :(, and I will construct a
> firewall with iptables. I see that the new kernel 2.4 has the possibility
> to work with mac address. If this is possible, because when the packets
> arrive to my firewall the mac address is the ethernet of firewall- not the
> workstation that makes the petition- the packet can access directly to
> workstation who made the connection... Is this correct?
>
> Can anybody help me, please?
>
> A lot of thanks.
>
> Have a nice day ;-)
> TooManySecrets

--
Did you know that if you play a Windows 2000 cd backwards, you will hear the voice of Satan? That's nothing! If you play it forward, it'll install Windows 2000.

