I have reason to believe that my iptables configuration is blocking me from accessing a remote VPN server. I am using Ubuntu Server 8.04 set up as a gateway, and this problem was not there when I used the Shorewall firewall. I do most of my configuration using Webmin and a few commands here and there. I recently changed to iptables (Linux Firewall in Webmin) so that I can set up a transparent proxy. The transparent proxy works fine. Here are my iptables rules (from /etc/iptables.up.rules):

Code:
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.1.20:3128
COMMIT
# Completed on Sat Dec 26 12:17:04 2009
# Generated by iptables-save v1.3.8 on Sat Dec 26 12:17:04 2009
*raw
:PREROUTING ACCEPT [152:16506]
:OUTPUT ACCEPT [135:60036]
COMMIT
# Completed on Sat Dec 26 12:17:04 2009

When I try to connect to a remote VPN server from Windows XP, I get "Error 619: A connection to the remote computer could not be established, so the port for this connection was closed." Any help sorting this problem out, using the same iptables rules or Shorewall, will be appreciated. By the way, I never managed to get a transparent proxy working with Shorewall.
I am going to do that. It's only that when I use Shorewall on my Ubuntu server box instead of iptables, I can access the remote server, and when I connect my XP PC straight to my ADSL router, I can also access it.
That could be because Shorewall turns on IP forwarding for you automatically. What is the output of

Code:
cat /proc/sys/net/ipv4/ip_forward

If it is zero, run

Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

Then test.
Code:
root@wani:~# iptables -vnL
Chain INPUT (policy ACCEPT 6721K packets, 6352M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 27866 packets, 3919K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6782K packets, 6590M bytes)
 pkts bytes target     prot opt in     out     source               destination
Code:
root@wani:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 4442 packets, 488K bytes)
 pkts bytes target     prot opt in     out     source               destination
  602 29568 DNAT       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.1.20:3128

Chain POSTROUTING (policy ACCEPT 3255 packets, 226K bytes)
 pkts bytes target     prot opt in     out     source               destination
 7094  611K MASQUERADE all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6359 packets, 434K bytes)
 pkts bytes target     prot opt in     out     source               destination
Try loading the connection tracking modules:

Code:
modprobe nf_conntrack_pptp
modprobe nf_conntrack_proto_gre
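The two replies above (check IP forwarding, then load the PPTP/GRE connection-tracking helpers) are the usual checklist for passing a PPTP VPN client through a MASQUERADE gateway, because PPTP carries its data in GRE, which has no ports for the NAT to track without the helper. The script below is an added example written for this page; it is not code from the thread or from any poster. It assumes the module names of the 2.6-series kernels Ubuntu 8.04 ships (newer kernels build GRE tracking into nf_conntrack/nf_nat, so the list would shrink there), the Ubuntu files /etc/sysctl.conf and /etc/modules for persistence, the thread's interface layout (eth1 = LAN, eth0 = WAN) for the printed FORWARD rules, and a hypothetical PPTP_LIVE environment variable to gate any change to the live system. The check itself takes its inputs as strings so it can be run without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks whether a Linux NAT gateway
# can pass a PPTP (TCP/1723 + GRE) connection from a LAN client to a remote
# VPN server: IP forwarding must be on, and the PPTP/GRE conntrack and NAT
# helpers must be loaded. Module names assume a 2.6-era kernel (Ubuntu 8.04);
# newer kernels fold the proto_gre modules into nf_conntrack/nf_nat.
PPTP_MODULES="nf_conntrack_proto_gre nf_conntrack_pptp nf_nat_proto_gre nf_nat_pptp"

# Pure check: takes the contents of /proc/sys/net/ipv4/ip_forward and the
# output of `lsmod` as arguments so it can be exercised without root.
# Prints one line per missing item and returns 1 if anything is missing.
pptp_gateway_check() {
    ip_forward="$1"
    lsmod_out="$2"
    rc=0
    if [ "$ip_forward" != "1" ]; then
        echo "ip_forward=$ip_forward: run  echo 1 > /proc/sys/net/ipv4/ip_forward"
        rc=1
    fi
    for mod in $PPTP_MODULES; do
        # lsmod prints the module name as the first field of each line
        if ! printf '%s\n' "$lsmod_out" | grep -q "^${mod}[[:space:]]"; then
            echo "module $mod not loaded: run  modprobe $mod"
            rc=1
        fi
    done
    return $rc
}

# Apply the fixes on the live system (needs root), then re-run the check.
pptp_gateway_fix() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for mod in $PPTP_MODULES; do
        modprobe "$mod" || echo "modprobe $mod failed (name may differ on this kernel)" >&2
    done
    pptp_gateway_check "$(cat /proc/sys/net/ipv4/ip_forward)" "$(lsmod)"
}

# Make the settings survive a reboot on Ubuntu 8.04: sysctl.conf for
# forwarding, /etc/modules for the helper modules.
pptp_gateway_persist() {
    grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    for mod in $PPTP_MODULES; do
        grep -q "^${mod}\$" /etc/modules || echo "$mod" >> /etc/modules
    done
}

# The thread's FORWARD policy is ACCEPT, so no filter rules are needed there.
# If that policy is ever set to DROP, these are the rules PPTP needs; they are
# printed, not applied. Interface names assumed: $1 = LAN (eth1), $2 = WAN (eth0).
pptp_forward_rules() {
    lan="${1:-eth1}"; wan="${2:-eth0}"
    printf '%s\n' \
      "iptables -A FORWARD -i $lan -o $wan -p tcp --dport 1723 -j ACCEPT" \
      "iptables -A FORWARD -i $lan -o $wan -p gre -j ACCEPT" \
      "iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Only touch the live system when explicitly asked to, as root:
#   PPTP_LIVE=1 sh pptp-gateway-check.sh
if [ "${PPTP_LIVE:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    pptp_gateway_check "$(cat /proc/sys/net/ipv4/ip_forward)" "$(lsmod)" || pptp_gateway_fix
fi
```

Run it as root with PPTP_LIVE=1 to check and repair the running gateway, then call pptp_gateway_persist once the VPN connects so the fix is not lost at the next reboot; `iptables -t nat -vnL` will still show only the DNAT and MASQUERADE rules, since the helpers work inside connection tracking rather than as visible rules.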
Some latest developments: apparently a PC running Ubuntu/Linux can connect; it's the ones running Windows XP that can't.