Andy Bennett wrote:
Hi,
Edit what package?
TCP data packet, not a package like an rpm or so ;)
The Microsoft Windows 2000 server is already running pptp/vpn and working fine. All I'm trying to establish is whether it is possible to place it behind the firewall and forward the VPN connection to it so that the rest of the available ports/connections on the MS Windows 2000 server machine aren't visible, (i.e. vulnerable), to attack.
I know what you're trying, but AFAIK your setup isn't possible. Try to establish a PPTP connection from a client BEHIND a gateway to some VPN server; without special modules it *WILL NOT* work. PPTP packets must be passed through, not handled like normal, masqueraded packets. If you reverse the setup, you'll see that DNAT is like masquerading and so PPTP won't work in your setup. You can put the M$ box behind a suse firewall if you have an official IP for the box, too. Then just close all except the PPTP port and the machine is as safe as in your current setup it would be (if it would work ;)
If, as has been stated, the forward rule simply does NAT on that particular port, 1723, for that particular protocol, TCP, that's all I need isn't it?
It isn't. As I said, AFAIK you cannot simply NAT PPTP packets.
To be clear - I am talking about connections to a permanently connected setup from outside - i.e. road warriors.
I know ;) So, HTH and good night (sorry for typos.. it's nearly 4 am and I'm just back from a party %-)
Sven