I have a PPTP server inside (green) a network. The old firewall was ipchains-based, and now it's iptables. I can't seem to figure out how to route GRE (protocol 47) and 1723 so that it works. I used ipfwd [http://catfish.csail.mit.edu/~cananian/Projects/IPfwd/] on the ipchains side and that worked, but it doesn't work anymore on the 2.4 kernel. Internet -> 2.4/iptables firewall (204.xxx.xx.xx/192.168.0.x) -> PPTP VPN Server (192.168.0.x) I've tried adding these lines to my firewall script: vpnserver="192.168.0.2" RED_DEV="eth1" iptables -N pptp iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT iptables -I FORWARD -j pptp iptables -t nat -N pptp iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723 iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver iptables -t nat -A PREROUTING -j pptp With no success. I suspect that it could be the mppe-ppp modules causing problems. I'm sure that TCP/port 1723 is forwarding properly... but that's all I see when I do a "iptstate" when trying to connect. Trev.
