Re: pptp and iptables question

From: robm <rob.merritt_at_no.spam.please>
Date: Tue Mar 13 2007 - 10:05:02 CST

Cool, I will try that tonight. Does this look more sensible:

#
# outgoing to stratos VPN added 12/3/07
#

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j DNAT --to ${STRATOS_CLIENT}:1723 -s ${STRATOS_SERVER}
iptables -A FORWARD -p tcp -d ${STRATOS_CLIENT} --dport 1723 -o eth1 -j ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${OUTSIDE_IP} -j DNAT --to ${STRATOS_CLIENT} -s ${STRATOS_SERVER}
iptables -A FORWARD -p 47 -d ${STRATOS_CLIENT} -o eth1 -j ACCEPT

#
# incoming from home to our VPN added 22/1/06
#

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j DNAT --to ${VPN_SERVER_IP}:1723
iptables -A FORWARD -p tcp -d ${VPN_SERVER_IP} --dport 1723 -o eth1 -j ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${OUTSIDE_IP} -j DNAT --to ${VPN_SERVER_IP}
iptables -A FORWARD -p 47 -d ${VPN_SERVER_IP} -o eth1 -j ACCEPT

>
> Next, these stratos rules are saying if the traffic is going to
> the stratos server, forward port 1723 to the internal client. What I
> think you're trying to say is
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j DNAT --to ${STRATOS_CLIENT}:1723 -s ${STRATOS_SERVER}
>
> This says if the traffic is coming to you, and it's from stratos,
> send it to the stratos client.
>
> Try something like that.
>
Received on Tue Mar 13 10:05:16 2007
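
Added example, not part of the original message: both PREROUTING rule sets above match the same destination and port, so which host receives a PPTP connection depends on rule order, because the first matching DNAT rule wins. The sketch below models only protocol, destination port and source (every packet is assumed to be addressed to OUTSIDE_IP); the addresses and the `dnat_target` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample addresses (documentation ranges), not values from the post.
STRATOS_SERVER=198.51.100.7
STRATOS_CLIENT=192.168.1.50
VPN_SERVER_IP=192.168.1.2

# One rule per line: "proto dport src dnat-to"; "-" means "matches anything".
# Same order as the post: source-restricted Stratos rules, then the catch-all.
RULES_AS_POSTED="tcp 1723 $STRATOS_SERVER $STRATOS_CLIENT
47 - $STRATOS_SERVER $STRATOS_CLIENT
tcp 1723 - $VPN_SERVER_IP
47 - - $VPN_SERVER_IP"

# The same four rules with the catch-all pair appended first.
RULES_REVERSED="tcp 1723 - $VPN_SERVER_IP
47 - - $VPN_SERVER_IP
tcp 1723 $STRATOS_SERVER $STRATOS_CLIENT
47 - $STRATOS_SERVER $STRATOS_CLIENT"

# dnat_target RULES PROTO DPORT SRC  (hypothetical helper)
# Prints the DNAT destination chosen by the first matching rule, or "none".
dnat_target() {
    rules=$1; proto=$2; dport=$3; src=$4
    result=none
    while read -r r_proto r_dport r_src r_to; do
        [ "$r_proto" = "$proto" ] || continue
        [ "$r_dport" = "-" ] || [ "$r_dport" = "$dport" ] || continue
        [ "$r_src" = "-" ] || [ "$r_src" = "$src" ] || continue
        result=$r_to
        break                       # first match wins, later rules are never seen
    done <<EOF
$rules
EOF
    echo "$result"
}

echo "as posted, control from Stratos: $(dnat_target "$RULES_AS_POSTED" tcp 1723 "$STRATOS_SERVER")"
echo "as posted, GRE from Stratos:     $(dnat_target "$RULES_AS_POSTED" 47 - "$STRATOS_SERVER")"
echo "as posted, control from home:    $(dnat_target "$RULES_AS_POSTED" tcp 1723 192.0.2.99)"
echo "reversed,  control from Stratos: $(dnat_target "$RULES_REVERSED" tcp 1723 "$STRATOS_SERVER")"
```

With the order used in the message, traffic from the Stratos server reaches the Stratos client and everything else reaches the VPN server; with the catch-all rules appended first, the source-restricted rules are shadowed.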
