I have a site with the iptables rules below (the 12/3/07 ones are what I added). Currently the firewall is set to forward all tcp:1723 and all GRE to the internal VPN server. However, they need one PC inside the org to connect to an outside VPN, so I added the rules (12/3/07) hoping to add a special case whereby any tcp:1723 and GRE from STRATOS_SERVER (12.23.94.89) should be forwarded to the STRATOS_CLIENT PC. However, my iptables logic doesn't seem to add up. Can anyone shed some light on what might be the hang-up?
VPN_SERVER_IP=192.168.0.62
STRATOS_CLIENT=192.168.0.31
STRATOS_SERVER=12.23.94.89
# OUTSIDE_IP (the firewall's public address) is set earlier in the script; its value is not shown here.

#
# incoming from home to our VPN added 22/1/06
#
# PPTP control channel (tcp/1723) addressed to the public IP -> internal VPN server
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j DNAT --to ${VPN_SERVER_IP}:1723
iptables -A FORWARD -p tcp -d ${VPN_SERVER_IP} --dport 1723 -o eth1 -j ACCEPT
# GRE (IP protocol 47) addressed to the public IP -> internal VPN server
iptables -A PREROUTING -t nat -p 47 -d ${OUTSIDE_IP} -j DNAT --to ${VPN_SERVER_IP}
iptables -A FORWARD -p 47 -d ${VPN_SERVER_IP} -o eth1 -j ACCEPT

#
# outgoing to stratos VPN added 12/3/07
#
# tcp/1723 addressed to the Stratos server -> Stratos client
iptables -A PREROUTING -t nat -p tcp -d ${STRATOS_SERVER} --dport 1723 -j DNAT --to ${STRATOS_CLIENT}:1723
iptables -A FORWARD -p tcp -d ${STRATOS_CLIENT} --dport 1723 -o eth1 -j ACCEPT
# GRE addressed to the Stratos server -> Stratos client
iptables -A PREROUTING -t nat -p 47 -d ${STRATOS_SERVER} -j DNAT --to ${STRATOS_CLIENT}
iptables -A FORWARD -p 47 -d ${STRATOS_CLIENT} -o eth1 -j ACCEPT
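The following is an added example, not the poster's script, showing how a per-peer PPTP exception is usually shaped and ordered alongside a catch-all forward. It keeps the LAN addresses from the post; OUTSIDE_IP is a documentation-range placeholder (203.0.113.10) because the post does not show its value, and the outbound SNAT/MASQUERADE rule and the LAN interface name (eth1) are assumed. IPT defaults to `echo iptables`, so running the script prints the rules instead of changing the live firewall.

```shell
#!/bin/sh
# Added example, not the original poster's script. It shows the rule
# shape and ordering needed so that GRE coming back FROM the Stratos
# server (the PC inside initiated the PPTP session) is handed to the
# Stratos client, while everyone else's PPTP still goes to the internal
# VPN server. LAN addresses are the ones from the post; OUTSIDE_IP
# (203.0.113.10) is a documentation-range placeholder since the post does
# not show its value. IPT defaults to "echo iptables", so running the
# script only prints the commands; set IPT=iptables to apply them.

OUTSIDE_IP="${OUTSIDE_IP:-203.0.113.10}"
VPN_SERVER_IP=192.168.0.62
STRATOS_CLIENT=192.168.0.31
STRATOS_SERVER=12.23.94.89
IPT="${IPT:-echo iptables}"

# Exception for the Stratos peer. Match on the SOURCE (-s) of the packet:
# the inbound GRE is addressed to OUTSIDE_IP, not to STRATOS_SERVER, so a
# "-d STRATOS_SERVER" match would only ever see the client's own outbound
# packets. The tcp/1723 control channel needs no DNAT here: the client
# opens it outbound, and connection tracking (together with the usual SNAT
# or MASQUERADE rule, assumed to exist elsewhere in the ruleset) maps the
# replies back to the client on its own.
stratos_rules() {
    $IPT -t nat -A PREROUTING -s "$STRATOS_SERVER" -d "$OUTSIDE_IP" -p 47 \
        -j DNAT --to-destination "$STRATOS_CLIENT"
    $IPT -A FORWARD -s "$STRATOS_SERVER" -d "$STRATOS_CLIENT" -p 47 -o eth1 -j ACCEPT
}

# Catch-all: any other PPTP (control channel and GRE) to the internal server.
default_vpn_rules() {
    $IPT -t nat -A PREROUTING -d "$OUTSIDE_IP" -p tcp --dport 1723 \
        -j DNAT --to-destination "$VPN_SERVER_IP:1723"
    $IPT -t nat -A PREROUTING -d "$OUTSIDE_IP" -p 47 \
        -j DNAT --to-destination "$VPN_SERVER_IP"
    $IPT -A FORWARD -d "$VPN_SERVER_IP" -p tcp --dport 1723 -o eth1 -j ACCEPT
    $IPT -A FORWARD -d "$VPN_SERVER_IP" -p 47 -o eth1 -j ACCEPT
}

# nat/PREROUTING is walked top to bottom and the first DNAT match wins, so
# the specific Stratos rule has to be appended BEFORE the catch-all; with
# the order reversed, the generic "-p 47 -d OUTSIDE_IP" rule swallows the
# Stratos GRE and it lands on the internal VPN server instead.
all_rules() {
    stratos_rules
    default_vpn_rules
}

# Self-check on the emitted commands: exit 0 only if the first PREROUTING
# rule naming the Stratos client precedes the first one naming the VPN server.
check_order() {
    all_rules | awk -v cli="$STRATOS_CLIENT" -v srv="$VPN_SERVER_IP" '
        /PREROUTING/ && index($0, cli) && !seen_cli { seen_cli = NR }
        /PREROUTING/ && index($0, srv) && !seen_srv { seen_srv = NR }
        END { exit !(seen_cli && seen_srv && seen_cli < seen_srv) }'
}

all_rules
```

Two things to check on a box like this before blaming the rules: that the rules are loaded in this order (`iptables -t nat -L PREROUTING -n --line-numbers`), and that the PPTP connection-tracking helper (`nf_conntrack_pptp` with `nf_nat_pptp`, or `ip_conntrack_pptp`/`ip_nat_pptp` on older kernels) is loaded, since without it the firewall cannot tie the GRE stream to the tcp/1723 session that set it up.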