iptables + pptp + special case

I have a site with the iptables rules below (12/3/07 I added). Currently the firewall is set to forward all tcp:1723 and all GRE to the internal VPN server. However, they need one PC inside the org to connect to an outside VPN. I added the rules (12/3/07) hoping to add a special case whereby any tcp:1723 and GRE from STRATOS_SERVER (12.23.94.89) should be forwarded to the STRATOS_CLIENT PC. However, my iptables logic doesn't seem to add up. Can anyone shed some light on what might be the hang-up?

VPN_SERVER_IP=192.168.0.62
STRATOS_CLIENT=192.168.0.31
STRATOS_SERVER=12.23.94.89

#
# incoming from home to our VPN added 22/1/06
#

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 1723 -j DNAT --to ${VPN_SERVER_IP}:1723
iptables -A FORWARD -p tcp -d ${VPN_SERVER_IP} --dport 1723 -o eth1 -j ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${OUTSIDE_IP} -j DNAT --to ${VPN_SERVER_IP}
iptables -A FORWARD -p 47 -d ${VPN_SERVER_IP} -o eth1 -j ACCEPT

#
# outgoing to stratos VPN added 12/3/07
#

iptables -A PREROUTING -t nat -p tcp -d ${STRATOS_SERVER} --dport 1723 -j DNAT --to ${STRATOS_CLIENT}:1723
iptables -A FORWARD -p tcp -d ${STRATOS_CLIENT} --dport 1723 -o eth1 -j ACCEPT
iptables -A PREROUTING -t nat -p 47 -d ${STRATOS_SERVER} -j DNAT --to ${STRATOS_CLIENT}
iptables -A FORWARD -p 47 -d ${STRATOS_CLIENT} -o eth1 -j ACCEPT

merrittr

[...]

For outbound connections you need SNAT, not DNAT.

cu

59cobalt
Ansgar -59cobalt- Wiechers
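
The reply's point worked through as an added example (not part of the thread and not either poster's code): the client-to-Stratos direction is scoped by source and destination and translated with SNAT in POSTROUTING. Assumptions: `OUTSIDE_IP` is a constructed placeholder, `eth0` is assumed to be the external interface, the `ipt` dry-run wrapper and the function name are hypothetical, and the final source-matched GRE rule goes beyond what the reply states, covering GRE from Stratos that arrives before any tracked outbound packet.

```shell
#!/bin/sh
# Added example: outbound PPTP for one LAN PC using SNAT. Dry-run by default:
# rules are printed; run as root with APPLY=1 to load them.
STRATOS_CLIENT=192.168.0.31   # from the original post
STRATOS_SERVER=12.23.94.89    # from the original post
OUTSIDE_IP=203.0.113.1        # constructed placeholder for the firewall's public IP
INT_IF=eth1                   # internal interface, as in the original rules
EXT_IF=eth0                   # assumption: external interface name

# Hypothetical wrapper: print the command unless APPLY=1
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

stratos_outbound_rules() {
    # Client -> Stratos only: PPTP control channel (tcp/1723) and GRE (protocol 47)
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$STRATOS_CLIENT" -d "$STRATOS_SERVER" \
        -p tcp --dport 1723 -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$STRATOS_CLIENT" -d "$STRATOS_SERVER" \
        -p 47 -j ACCEPT
    # Stratos -> client: control-channel replies of a tracked connection, and GRE
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -s "$STRATOS_SERVER" -d "$STRATOS_CLIENT" \
        -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -s "$STRATOS_SERVER" -d "$STRATOS_CLIENT" \
        -p 47 -j ACCEPT
    # Outbound needs source translation: rewrite the private source to the public IP
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$STRATOS_CLIENT" -d "$STRATOS_SERVER" \
        -p tcp --dport 1723 -j SNAT --to-source "$OUTSIDE_IP"
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$STRATOS_CLIENT" -d "$STRATOS_SERVER" \
        -p 47 -j SNAT --to-source "$OUTSIDE_IP"
    # Untracked GRE from Stratos would otherwise match the generic "-p 47 -d OUTSIDE_IP"
    # DNAT and land on the internal VPN server. Match on SOURCE and insert first.
    ipt -t nat -I PREROUTING 1 -i "$EXT_IF" -p 47 -s "$STRATOS_SERVER" -d "$OUTSIDE_IP" \
        -j DNAT --to-destination "$STRATOS_CLIENT"
}

# Print the rule set when the script is run directly
stratos_outbound_rules
```

The rules added on 12/3/07 matched `-d ${STRATOS_SERVER}` in PREROUTING, so they caught the client's own outgoing packets and redirected them back into the LAN; every rule here pins both endpoints, so no other host gains a path through the firewall.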
