echo 1 > /proc/sys/net/ipv4/ip_forward modprobe iptable_nat iptables -A POSTROUTING -t nat -j MASQUERADE -o eth0 iptables -A POSTROUTING -t nat -j MASQUERADE -o eth1 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1723 -j DNAT --to 10.0.0.4 iptables -t nat -A PREROUTING -i eth0 -p 47 -j DNAT --to 10.0.0.4

Now I can connect to the internet and from an address directly outside my firewall I can connect to the vpn on the inside. The address here is a.b.c.x and the only successful connection has been through a.b.c.y But from another internet location no one can connect

Any ideas?

I have a firewall with a ms vpn on 10.0.0.0 network and a dsl line past the firewall hooking me up to the internet.

What ya gonna try is brave, my sir. You want to simply masquarade the packets a bit and then we all will find ya cooporate informations in plain text on the highway we drive too? OK - to realize a VPN serveral ways are imagenable, e.g. IPSec, what means secure-IP-communcation with encrypted payload and key-exchange mechanismen. Freeswan is a free IX implementation you can build a VPN with www.freeswan.org Good documentation, easy kernel patch. List here mentioned to use 1.91 or 1.95. Yours Michael Appeldorn