Forwarding port 1723 debian >> Windoze 2003

Discussion in 'Server Operation' started by mdk, Feb 14, 2009.

mdk (New Member):

    I have a server with shorewall 3.2.6 on Etch and a squid filtering all internet traffic from the local network. In brief, the 2003 box which allowed users to connect from home by VPN is being withdrawn, but while everything that used SQL is migrated to MySQL I have to keep accepting VPN connections... The question is: if I redirect port 1723 (which is now used for the VPN connections against 2003) to the Debian server, could all the requests on port 1723 be redirected to the 2003 machine through shorewall, so that the lusers who still use the 2003 connections carry on as they have so far, as if nothing had happened? I have been testing a little with DNAT and REDIRECT and it does not work for me... but the truth is that I am slightly concerned about the security side of logging in to this 2003 VPN through shorewall.... so I could filter the public IPs with no problem and DROP the rest....


    Debian Etch Server:

    eth1 192.168.2.92 >> corporate network, linux
    eth2 192.168.1.92 >> internet | Windoze corporate network and a VPN server with pptp on 2003

    Windoze 2003

    eth1 192.168.1.120
    eth2 192.168.2.72

    /etc/shorewall/rules

    # Accept public IP's

    ACCEPT net:85.xx.xx.xxx fw tcp 22
    ACCEPT net:85.xx.xx.xxx fw tcp 1723
    ACCEPT net:85.xx.xx.xxx fw udp 1723

    # DNAT

    DNAT net loc:192.168.2.72 tcp 1723 -
    DNAT net loc:192.168.2.72 udp 1723 -

    when I apply this rule I can not connect; the result is 'Modem Hungup'

    if on the contrary (and wrongly) I put in the DNAT rules:

    # DNAT net loc:192.168.2.72 tcp 1723 -
    # DNAT net loc:192.168.2.72 udp 1723 -
    DNAT net loc:192.168.1.120 tcp 1723 -
    DNAT net loc:192.168.1.120 udp 1723 -

    syslog gives me a msg of "forwarding / reject", and doing forwarding within the same network range is incorrect, for example 192.168.1.92 (Debian) to 192.168.1.120 (Windoze); but if I put the DNAT from 192.168.1.92 to 192.168.2.72, syslog does not complain but the end result is 'Hangup' from kvpnc and it can not connect...... maybe it is better to try and resolve the issue directly with iptables, if it actually can not be done through shorewall....

    port 1723 on the router points to eth2 192.168.1.92 of the Debian server

    thanks
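An added rules fragment, not from the poster or the Shorewall project, showing the shape a PPTP forward normally takes in the Shorewall 3.2 rules file. PPTP has two parts: the control channel on TCP 1723 and the data tunnel carried as GRE (IP protocol 47). UDP 1723 is not used by PPTP, so forwarding only TCP 1723 gets the control channel through and then the tunnel never comes up, which matches a "hangup" right after connecting. The example keeps the poster's addresses (192.168.2.72 for the 2003 box, 85.xx.xx.xxx as the masked public client address) and assumes the net->loc policy in /etc/shorewall/policy is DROP, so anything not matched here is dropped.

```text
# /etc/shorewall/rules  (Shorewall 3.2 columns:
#   ACTION  SOURCE  DEST  PROTO  DEST_PORT  SOURCE_PORT  ORIGINAL_DEST)

# Management access from the known public address (as in the original post)
ACCEPT  net:85.xx.xx.xxx  fw                 tcp  22

# Before: only the PPTP control channel is forwarded; GRE never reaches
# the 2003 box and the client hangs up once the tunnel should start.
# DNAT  net               loc:192.168.2.72   tcp  1723
# DNAT  net               loc:192.168.2.72   udp  1723   # PPTP does not use UDP

# After: forward the control channel AND the GRE tunnel, and only from the
# public addresses that are allowed to use the old VPN. Everything else
# falls through to the net->loc DROP policy.
DNAT    net:85.xx.xx.xxx  loc:192.168.2.72   tcp  1723
DNAT    net:85.xx.xx.xxx  loc:192.168.2.72   47
```

Two checks before blaming the rules: run `shorewall check` to validate the file, and `shorewall show nat` to confirm both DNAT entries are loaded. Then look at the return path on the 2003 box. Its 192.168.1.120 interface sits on the same segment as the Debian eth2, so if its default gateway is anything other than the Debian host, replies to the public client leave by eth1 without passing back through the firewall's NAT, and the client sees the connection drop. With GRE forwarded and the reply path going through 192.168.2.92, the ACCEPT rules for port 1723 to `fw` are no longer needed, since the traffic is destined for the 2003 box rather than the firewall itself.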