VPN forwarding through iptables [SOLVED]

studioeng
Experienced
Posts: 454
Joined: Mon Oct 23, 2006 11:59 pm
Location: Dorset, England

VPN forwarding through iptables [SOLVED]

Post by studioeng » Tue May 26, 2009 11:39 am

I've been locking down my network with iptables, but I've been having some trouble with VPN (PPTP). I've been doing some reading about forwarding the GRE protocol, but nothing I try seems to work.

Basically, I would like to be able to use 'use default gateway on remote network' on Windows boxes. When I reset iptables to accept all, traffic appears to go through quite happily, but I just can't nail the right commands to get it working with the iptables script turned on.

On the server, PPTP uses the same subnet/mask as the internal network.
server = 10.0.1.254
mask = 255.255.255.0
vpn server address = 10.0.1.90
vpn client range = 10.0.1.80-89

This is an example of my iptables script:

Code:

iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

iptables -A FORWARD -p gre -s 10.0.1.0/24 -d 10.0.1.0/24 -j ACCEPT
# this is probably self-defeating

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

I've been googling, but most if not all of the tutorials I found are about forwarding VPN and GRE from the internet to the internal network; in my case I'm trying to forward/proxy VPN traffic through my home external gateway.

Thanks

PS I forgot to mention that iptables floats over my head, so please be gentle and make it as boring and simple for me :D thank you

Edit: I think I sorted it :/ either that or it's a complete fluke.

Code:

iptables -F
iptables -t nat -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

iptables -A FORWARD -i eth0 -o ppp+ -m state --state NEW -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -m state --state NEW -p gre -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
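As an added example (not the original poster's script), here is a PPTP-aware version of the same default-DROP ruleset, written with a dry-run mode so the generated rules can be inspected before anything is applied. It assumes the poster's layout (LAN on eth0, 10.0.1.0/24, pptpd creating ppp+ interfaces) and a kernel that ships the PPTP connection-tracking helpers as nf_conntrack_pptp and nf_nat_pptp (older kernels name them ip_conntrack_pptp and ip_nat_pptp); the helper is what lets the GRE leg of a PPTP session be tracked as RELATED to its TCP 1723 control connection. GRE (IP protocol 47) has no ports, so it is matched with -p gre. IP forwarding itself (net.ipv4.ip_forward=1) must already be enabled; the script does not touch it.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumptions: LAN interface eth0, LAN 10.0.1.0/24, pptpd creating ppp+
# interfaces, helper modules named nf_conntrack_pptp / nf_nat_pptp.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-10.0.1.0/24}"

# ipt: run iptables, or print the command when DRY_RUN is set.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Load the PPTP connection-tracking helpers so the GRE leg of a PPTP session
# is tracked as RELATED to its TCP 1723 control connection.
load_pptp_helpers() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "modprobe -a nf_conntrack_pptp nf_nat_pptp"
    else
        modprobe -a nf_conntrack_pptp nf_nat_pptp
    fi
}

pptp_rules() {
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback, replies to tracked connections, and the trusted LAN.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -s "$LAN_NET" -j ACCEPT

    # PPTP to pptpd on this host: control channel on TCP 1723 and the GRE
    # tunnel (IP protocol 47). GRE has no ports, so it is matched by protocol.
    ipt -A INPUT -p tcp --dport 1723 -j ACCEPT
    ipt -A INPUT -p gre -j ACCEPT

    # Routing between VPN clients (ppp+) and the LAN, which is what
    # "use default gateway on remote network" on the Windows clients needs.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i ppp+ -o "$LAN_IF" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o ppp+ -j ACCEPT

    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# count_rules PATTERN: number of generated rules matching PATTERN (self-check).
count_rules() {
    ( DRY_RUN=1; pptp_rules ) | grep -c -- "$1"
}

case "${1:-}" in
    --dry-run) ( DRY_RUN=1; load_pptp_helpers; pptp_rules ) ;;
    --apply)   load_pptp_helpers; pptp_rules ;;
esac
```

Run it with --dry-run to print the rule set and --apply (as root) to load it. The INPUT rules for TCP 1723 and GRE accept from any source, which is what remote clients need to reach pptpd; the compensating caveat is that PPTP's MS-CHAPv2 authentication is widely regarded as broken, so a gateway built today would normally carry the same firewall logic for a different VPN protocol.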
studioeng
Experienced
Posts: 454
Joined: Mon Oct 23, 2006 11:59 pm
Location: Dorset, England

Re: VPN forwarding through iptables [SOLVED]

Post by studioeng » Mon Jun 21, 2010 9:33 am

What are you running on the two machines, Windoze or Linux?