True (stewart) , there's no security, but at the moment i'd like it works first.
I put the rule
iptables -A FORWARD -p 47 -j ACCEPT
but it doesn't really change anything because i have tried with a default policy in ACCEPT. I forward all the packets to make sure that they reach my machine.
In the kernel i enabled
IP : tunneling
IP : gre over ip
and almost everything in the networking section except Netlink device emulation, Socket Filtering, IP: multicasting, kernel level auto configuration.
tcpdump -vvv -i eth0 src host $remotemchine and dst port 1723
tcpdump: listening on eth0
display nothing, it's like the packets aren't accepted
Antony Stone <[EMAIL PROTECTED]> a écrit :
On Tuesday 28 May 2002 10:27 am, Miky J wrote:
> I thought this rule was forwarding all the packets to my windows2k machine.
>
> iptables -t nat -A PREROUTING -s $internet -i eth0 -j DNAT --to
> $vpncomp
This is a PREROUTING rule, not a FORWARDING rule.
You need to make sure you are FORWARDING protocol 47 (GRE) through your
firewall. This is not port 47, this is not TCP, this is not UDP, this is a
different *protocol* number.
You want something like:
iptables -A FORWARD -p 47 -j ACCEPT
(You might want to specify some interfaces, or some IP addresses as well, but
it's the -p 47 which is the important bit).
Antony.
Yahoo! Mail -- Une adresse @yahoo.fr gratuite et en français !
