Ok, your explanations of some of the terminology are making more sense. The little diagram I understand a bit better.
One thing I need to clear up...from what I've read on Google, VPN via PPTP needs to use Protocol 47 (GRE) and then forward Port 1723. I guess this is a Microsoft thing since Microsoft came up with PPTP? Not sure. Anyway, I think I have the Protocol vs Port part correct (again based on what others say).
"I wish I could make this clear, but I think you have some basic networking terms to learn. Each packet of data has values inside that indicate SRC (where it came from) and DEST (where it's going). Your rules are intended to match against the packet and decide what to do - DROP, ACCEPT, ALTER (NAT/REDIRECT). If things are working fine without the firewall then you will not need to ALTER any packets. They are already going to where they need to. You just want to add enough rules so they continue but other stuff doesn't also get through."
So here is my next try that didn't work. I cleaned it up a bit (I hope)...and then "#"-ed out the pre and post routing rules since I don't need to alter the traffic because I connect fine with the firewall down...I'm a bit confused on this, isn't the traffic coming in and out from the VPN encrypted so it has to be altered for the eth1? Or is it taken care of in the PPTP protocol in Network Manager?
Do I need to open port 1723 on eth1 and open protocol 47 on eth1 as well?
#Allow incoming VPN connections and PreRouting (not needed since I can connect without firewall down?) for Protocol 47 and Port 1723
#iptables -t nat -A PREROUTING -i ppp0 -p 47 -j DNAT --to 80.67.2.64/27
iptables -A INPUT -i ppp0 -p 47 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1723 -j DNAT --to 80.67.2.64/27
iptables -A INPUT -i ppp0 -p tcp --sport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
#Allow outgoing VPN connections and PostRouting (not needed since I can connect without firewall down?) for Protocol 47 and Port 1723
iptables -I OUTPUT -o ppp0 -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT -o ppp0 -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to 80.67.2.64/27
#Allow traffic back and forth between eth1 and ppp0 networks
iptables -A FORWARD -o ppp0 -p tcp --dport 1723 -d 80.67.2.64/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -p 47 -s 80.67.2.64/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I'm not really sure what I want to do in English so it's hard for me to write it out, but something like this...just starting with the basics of getting to the internet with the VPN.
1.- I want to be able to connect to the VPN with the firewall up
2.- I want to be able to get all incoming internet traffic "normally" like I would as if I was not connected to the VPN
3.- I want to be able to send all traffic out "normally" as if not connected to the VPN
That's about as basic as I can get...once I start adding specifics I get lost
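An added example (my own rule set, not anything posted in this thread) showing one way to meet the three goals above for a machine that is a PPTP client. The assumptions are mine: the Internet-facing card is eth1, the tunnel interface that PPTP creates is ppp0, and the VPN server's address is the placeholder in PPTP_SERVER. The point it illustrates is that the TCP/1723 control connection and the GRE (protocol 47) data stream both travel on eth1, between this host and the VPN server; ppp0 only ever carries the already-decrypted traffic inside the tunnel, so rules matching "-i ppp0 -p 47" never see a packet. Because this host starts the 1723 connection itself, its replies are accepted by the ESTABLISHED,RELATED rule; GRE has no ports and is only tracked by conntrack when the PPTP helper module (nf_conntrack_pptp) is loaded, so it gets its own explicit accept from the server's address. No NAT (DNAT/SNAT) rules are needed on a client:

```shell
#!/bin/sh
# Added example, not code from the original post. Client-side iptables rules
# for a Linux box that dials out to a PPTP VPN over its Internet interface.
# Assumptions (placeholders, adjust to your setup): WAN_IF is the Internet
# facing NIC, VPN_IF is the tunnel interface PPTP brings up, PPTP_SERVER is
# the VPN server's public address (203.0.113.10 is a documentation address).
WAN_IF="${WAN_IF:-eth1}"
VPN_IF="${VPN_IF:-ppp0}"
PPTP_SERVER="${PPTP_SERVER:-203.0.113.10}"

# pptp_rules prints the rule set, one iptables command per line, without
# running anything, so it can be reviewed before it is applied.
# Reading order:
#  - default policy: drop unsolicited INPUT and all FORWARD (this is not a
#    router), allow everything OUTPUT (goal 3: send traffic out normally)
#  - loopback is always allowed
#  - replies to connections this host opened come back in (goal 2, and the
#    TCP/1723 control channel on $WAN_IF is covered here too)
#  - GRE from the VPN server on $WAN_IF is the tunnel's data stream (goal 1);
#    without the nf_conntrack_pptp helper it is not seen as RELATED, hence
#    the explicit rule
#  - replies inside the tunnel arrive on $VPN_IF and are accepted if they
#    belong to a connection this host opened
pptp_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN_IF -s $PPTP_SERVER -p 47 -j ACCEPT
iptables -A INPUT -i $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# pptp_rule_count returns how many iptables commands the rule set contains.
pptp_rule_count() {
    pptp_rules | grep -c '^iptables'
}

# With "apply" as the argument the rules are installed (needs root);
# with no argument they are only printed for review.
if [ "${1:-}" = "apply" ]; then
    pptp_rules | sh -e
else
    pptp_rules
fi
```

Run it without arguments first and read the output; run it as root with `apply` once the interface names and server address are right. Because the OUTPUT policy is ACCEPT, the outgoing 1723 and GRE packets need no rules of their own, and the FORWARD chain stays closed because a VPN client does not route for anyone else.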