Kleyson,

On kernel 2.4 I use the pptp module from patch-o-matic:

pptp-conntrack-nat - PPTP connection tracking and NAT helper

This adds CONFIG_IP_NF_PPTP:
Connection tracking and NAT support for PPTP.  Using this, you can track
PPTP/GRE connections and do SNAT/DNAT.  You have to load the following modules
for connection tracking:
        ip_conntrack_proto_gre
        ip_conntrack_pptp
for NAT:
        ip_nat_proto_gre
        ip_nat_pptp

The GRE connection is marked as RELATED to the TCP session on port 1723, so all
you need is something like

iptables -j ACCEPT -m state --state RELATED,ESTABLISHED
iptables -j ACCEPT -d my_pptp_server -p tcp --dport 1723 -m state --state NEW


Note that this code currently has limitations
- can only NAT connections from PNS to PAC
- doesn't support multiple calls within one session
- you have to recompile your iptables userspace program since some 
  structure sizes change
- does NOT work with kernels > 2.6.10


Regards,
Ultra7

Kleyson Prado wrote:

>Folks,
>
>I need help: I need to access a remote VPN server (Win 2003) from
>inside my network. I opened ports 1723,1245, 500, 50, 51 and
>protocol 47 - GRE. Can someone give me a hand... like an example
>rule or something... When I try to connect it sits at "Verifying
>username and password" and then says the remote computer did not
>respond. The iptables log output follows... thanks for the help,
>folks...
>
>May 16 12:12:35 geni kernel: ze >IN=eth1 OUT=eth0 SRC=10.0.0.17
>DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=18625 DF
>PROTO=TCP SPT=1246 DPT=1723 WINDOW=65347 RES=0x00 ACK PSH URGP=0
>May 16 12:12:35 geni kernel: ze >IN=eth1 OUT=eth0 SRC=10.0.0.17
>DST=xxx.xxx.xxx.xxx LEN=57 TOS=0x00 PREC=0x00 TTL=127 ID=18626
>PROTO=47
>
>Kleyson Prado
>
>  
>

----------------------------------------------------------------------
                  Faculdade de Medicina USP
----------------------------------------------------------------------
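
A preflight check for the four modules named in the help text quoted above, as an added example that is not part of the original message or of patch-o-matic. It assumes a forwarding firewall (FORWARD chain) and a `/proc/modules`-style listing; the function names and script name are hypothetical, and the rules are only printed, never applied.

```shell
#!/bin/sh
# Added example (not patch-o-matic code). Modules the quoted help text
# requires for PPTP/GRE connection tracking and NAT.
PPTP_MODULES="ip_conntrack_proto_gre ip_conntrack_pptp ip_nat_proto_gre ip_nat_pptp"

# Print every required module that is absent from a /proc/modules-style
# file (the first field of each line is the module name).
missing_pptp_modules() {
    modules_file=${1:-/proc/modules}
    for mod in $PPTP_MODULES; do
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
                "$modules_file" 2>/dev/null; then
            echo "$mod"
        fi
    done
}

# Print (do not apply) the two rules from the help text with a chain added.
# Assumption: clients sit behind this box, so the chain is FORWARD.
pptp_forward_rules() {
    server=$1
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -d $server -p tcp --dport 1723 -m state --state NEW -j ACCEPT"
}

# Without the helpers, GRE is never marked RELATED and the rules above
# will not pass it, so refuse to print rules until all modules are loaded.
pptp_preflight() {
    modules_file=${1:-/proc/modules}
    server=${2:-my_pptp_server}
    missing=$(missing_pptp_modules "$modules_file")
    if [ -n "$missing" ]; then
        for mod in $missing; do echo "missing: modprobe $mod"; done
        return 1
    fi
    pptp_forward_rules "$server"
}

# Run only when executed under this (assumed) script name.
case "${0##*/}" in pptp_preflight.sh) pptp_preflight "$@" ;; esac
```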

-- 
GUS-BR - Grupo de Usuarios Slackware - BR
http://www.slackwarebrasil.org/
http://www.linuxmag.com.br/mailman/listinfo/slack-users
