I'm setting up a new masquerading firewall on a Red Hat 7.0 machine.
However, I'm running into several difficulties. I want to use the
masquerading firewall to forward PPTP connections from external clients to a
masqueraded VPN server. However, I can't seem to initiate a connection from
a Win98 box. I get a "The remote computer did not respond ..." error. Now
I have tried telnetting to the machine in question on port 1723, but I never
establish a connection. I also tried running a port scan with nmap and
found that port 1723 was "filtered". I'm using a simple ipchains
ruleset (attached below) and still can't get it to work. What am I doing
wrong?

In a related question, since this machine is being masqueraded, it needs the
PPTP patches for masquerading internal/external VPN connections. However,
I've read that these patches come by default with Red Hat 7.0 (as modules),
so I run these before issuing the ipchains ruleset commands. Is anything
else required?

Any help or suggestions would be much appreciated.

Thanks,
Steve
-----------------------------------------
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_pptp
/sbin/modprobe ip_gre
ipchains -P forward DENY
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -A input -j ACCEPT -s 192.168.2.0/24 -d 0.0.0.0/0 -i eth1
ipchains -A output -j ACCEPT -s 0.0.0.0/0 -d 192.168.2.0/24 -i eth1
ipchains -A forward -j MASQ -s 192.168.2.0/24 -d 0.0.0.0/0 -i eth0
ipchains -A output -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -i eth0
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0 -i eth0
IPMASQ='/usr/sbin/ipmasqadm portfw '
IPFW='/usr/local/sbin/ipfwd '
$IPMASQ -a -P tcp -L 200.200.200.200 1723 -R 192.168.2.1 1723
$IPFW --masq 192.168.2.1 47 &
Columbus Group
people-centered internet solutions
Steve Cullingworth
Systems Administrator
www.columbusgroup.com
604 801 5758 ext. 293
Vancouver + Toronto + Seattle
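
Added example, not part of the original post: a small lint for a script like the one above. PPTP needs both a TCP control channel on port 1723 and GRE (IP protocol 47), so the check confirms both forwards exist and name the same internal host. The function name and the sample variable are hypothetical; the two sample lines are copied from the ruleset above, and the `-R <host> <port>` and `--masq <host> <protocol>` argument order is assumed from those lines.

```shell
#!/bin/sh
# Added example: lint a masquerading script for the two PPTP forwards.
# Both must point at the same internal VPN server.

# Constructed sample input: the two forwarding lines from the post.
SAMPLE_RULES='$IPMASQ -a -P tcp -L 200.200.200.200 1723 -R 192.168.2.1 1723
$IPFW --masq 192.168.2.1 47 &'

# Reads a ruleset on stdin, prints one finding per line, and
# returns 0 only when both forwards exist and agree on the target.
pptp_forward_check() {
    awk '
    /^[ \t]*#/ { next }    # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            # TCP control channel: -P tcp ... -R <host> 1723
            if ($i == "-R" && $(i + 2) == "1723" && $0 ~ /-P[ \t]+tcp/)
                ctl = $(i + 1)
            # GRE forward: --masq <host> 47
            if ($i == "--masq" && $(i + 2) == "47")
                gre = $(i + 1)
        }
    }
    END {
        rc = 0
        if (ctl == "") { print "MISSING tcp/1723 forward"; rc = 1 }
        else print "control tcp/1723 -> " ctl
        if (gre == "") { print "MISSING GRE (protocol 47) forward"; rc = 1 }
        else print "GRE proto 47 -> " gre
        if (ctl != "" && gre != "" && ctl != gre) {
            print "MISMATCH control and GRE targets differ"; rc = 1
        }
        exit rc
    }'
}

# Run against the sample taken from the post.
printf '%s\n' "$SAMPLE_RULES" | pptp_forward_check
```

A clean result only shows that the two forwards are declared consistently; it does not test whether packets actually reach the internal server.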