Andy Bennett wrote:
Hi,
No. Briefly, I have come into the middle of a situation where someone else has set up a system for a friend of mine in such a way that his MS VPN box is directly connected to the internet alongside his SuSEfirewall2, like this:
          Internet
             |
      Exterior router
        |          |
  SuSEfirewall   MS/VPN
My first thought was that the guy had gone mad but then it occurred to me that maybe he knows something I don't. In any event I thought I'd ask here first.
I thought it should be possible to simply put something like
FW_FORWARD="0/0,192.168.1.2,tcp,1723"
as Jorn Ott suggested to forward connections directly to the MS VPN machine and let it handle everything but, like I said, am I missing something?
As with IPsec etc., you cannot simply edit the packets (like NAT will do). So you cannot forward the connection, I would guess.
For your setup you will need to put the Win machine in front of the firewall or set up the firewall itself as a PPTP server (or, if you need, as client).
For PPTP from inside -> outside some masq modules exist (at least for kernel 2.2.x, dunno if it's ported to 2.4 right now). Maybe such a masq module would help for your forwarding problem, but I don't think so ;)
HTH,
Sven