> I used :
> - kernel 2.4.17 (Because the patch is for *that* kernel. I'm 
> no hacker so I'm not going to try it on another kernel...).
> - the PPTP kernel patch from 
> http://www.impsec.org/linux/masquerade/ip_masq_vpn.html.
> - iptables-1.2.6a.
> - the default gcc from RH-7.3 (2.96, I know, I know...)

I'm using 2.4.18, I know, not designed for the patch; my FS only
works with 2.4.18. Someone told me the 2.4.17rev2 patch works
with 2.4.18. It doesn't unless you use

patch -p1 < netfilter-pptp-2.4.17-rev2.patch


> 
> Untar the kernel source to /usr/src/linux.
> Untar the patch to /usr/src.
> Untar iptables to /usr/src/iptables-1.2.6a
> 
> cd /usr/src
> patch -p0 < netfilter-pptp-2.4.17-rev2.patch
> 
> cd /usr/src/iptables-1.2.6a
> make pending-patches KERNEL_DIR=/usr/src/linux

Correct me if I'm wrong, doesn't the INSTALL file say you
need a 2.4.4 kernel in order for it to work?

> 
> If all went well go ahead and configure your kernel.
> cd /usr/src/linux
> make xconfig (or whatever you like to use)
> 
> Check all (networking) options that apply.
> There are two new options in the kernel config :
> - Networking options -> IP: Netfilter Configuration -> PPTP protocol support
> - Networking options -> IP: Netfilter Configuration -> PPTP verbose debug
> Make sure you check the first. If you want

When I patched or pseudo-patched it, the PPTP option did show up.


> cd /usr/src/iptables-1.2.6a
> make KERNEL_DIR=/usr/src/linux
> make install KERNEL_DIR=/usr/src/linux

Interesting you did this after compiling the kernel.


> 
> Reboot and make sure to boot the new kernel.
> 
> Now for the forwarding rules.
> I'm taking values from this post. Since it's not mentioned, I 
> take eth0 as the LAN NIC. 
> http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.



> iptables -A FORWARD -p tcp -i ppp0 -o eth0 -d 10.1.1.15 --dport 1723 -j ACCEPT
> iptables -A FORWARD -p 47 -i ppp0 -o eth0 -d 10.1.1.15 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d <external-ip> --dport 1723 -j DNAT --to 10.1.1.15:1723
> iptables -t nat -A PREROUTING -p 47 -i ppp0 -d <external-ip> -j DNAT --to 10.1.1.15

I used the same commands to test it. I will try the order you used.
Thanks for taking the time though.
What I'm trying most desperately not to do is have to revert back to ext2
and a 2.4.17 kernel.
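
The -p0 versus -p1 difference in this thread comes down to where patch is run relative to the paths in the diff headers. As an added example (not part of the original message or of the patch author's instructions), this script reports which strip level matches a given directory; the sample tree, file name and patch header are constructed.

```shell
# Added example (not from the thread): work out which "patch -pN" fits a tree.

# Print the target path of every "+++ " header that directly follows "--- ".
patch_targets() {
    awk '/^--- /{prev=1; next} prev && /^\+\+\+ /{print $2} {prev=0}' "$1" |
        grep -v '^/dev/null$'
}

# strip_components PATH N: drop N leading path components, as patch -pN does.
strip_components() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $p in
            */*) p=${p#*/} ;;
            *)   return 1 ;;          # path has fewer than N components
        esac
        n=$((n - 1))
    done
    printf '%s\n' "$p"
}

# find_strip_level PATCHFILE DIR: print the N for which most targets exist
# under DIR; fail if no level matches any file.
find_strip_level() {
    best=-1; best_hits=0
    for level in 0 1 2 3; do
        hits=0
        for target in $(patch_targets "$1"); do
            rel=$(strip_components "$target" "$level") || continue
            if [ -f "$2/$rel" ]; then hits=$((hits + 1)); fi
        done
        if [ "$hits" -gt "$best_hits" ]; then best=$level; best_hits=$hits; fi
    done
    [ "$best" -ge 0 ] && printf '%s\n' "$best"
}

# Constructed sample: a one-file tree and a patch header shaped like the
# layout in the thread (file name and patch content are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/src/linux/net" && : > "$tmp/src/linux/net/Config.in"
    printf '%s\n' '--- linux-2.4.17/net/Config.in' '+++ linux/net/Config.in' \
        '@@ -0,0 +1 @@' '+dummy' > "$tmp/sample.patch"
    a=$(find_strip_level "$tmp/sample.patch" "$tmp/src")        # like cd /usr/src
    b=$(find_strip_level "$tmp/sample.patch" "$tmp/src/linux")  # like cd /usr/src/linux
    rm -rf "$tmp"
    printf '%s %s\n' "$a" "$b"
}
demo
```

Running `patch --dry-run -pN` with the reported level confirms that every hunk applies before the tree is modified.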



