LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

RE: lvs/firewall/vpn question

from [lco] [Permanent Link]
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: lvs/firewall/vpn question
From: "lco" <lco@xxxxxxxxxx>
Date: Mon, 3 Dec 2001 21:16:31 -0800 
there was a typo in the lines. the correction is below

IPTABLES -t nat -A PREROUTING -p TCP -i eth0 -d
200.200.200.108 --destination-port 1723 -j DNAT --to-destination 10.0.0.108

IPTABLES -t nat -A PREROUTING -i eth0 -p 47 -j DNAT --to 10.0.0.108

IPTABLES -A tcp_packets -p tcp -d 200.200.200.108 --destination-port 1723 -j
ACCEPT

--------------------------------------------------

Mike, isn't that what i've done given the info above? Or have I made any
mistakes?

Thanks

Lco


-----Message-----
From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Michael
McConnell
Sent: Monday, December 03, 2001 9:08 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: lvs/firewall/vpn question


In addition to TCP port 1723 you need to be pass GRE packets as well.

Mike

----- Original Message -----
From: "lco" <lco@xxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, December 03, 2001 4:23 PM
Subject: lvs/firewall/vpn question


>
> Hi, I'm not sure if this is the right place to ask the question, but here
it
> goes...
>
> I've got an lvs working with 2.4.9 kernel and did it by following the
kernel
> compile instruction from the lvs how-to. My setup is a lvs-nat.
>
> I'm now trying to get a vpn connection to a windows 2000 server that sits
> behind the director. I can get only get one connection through the
director
> via vpn. Has anyone worked with this issue before? Do I need a extra
kernel
> patch in order to forward packets back and forth between vpn client and
> server? or I'm configuring my iptables incorrectly? Here are some lines i
> added specifically for vpn from my iptable config file...
>
> --------------------------------------------------------------
>
> IPTABLES -t nat -A PREROUTING -p TCP -i eth0 -d
> 200.200.200.108 --destination-port 800 -j DNAT --to-destination 10.0.0.108
>
> IPTABLES -t nat -A PREROUTING -i eth0 -p 47 -j DNAT --to 10.0.0.108
>
> IPTABLES -A tcp_packets -p tcp -d 200.200.200.108 --destination-port
1723 -j
> ACCEPT
>
> --------------------------------------------------------------
>
> TIA for any input.
>
> lco
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>


_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: lvs/firewall/vpn question, Michael McConnell
Next by Date:  Re: First connection always to lowest IP?, Padraig Brady
Previous by Thread:  Re: lvs/firewall/vpn question, Michael McConnell
Next by Thread:  Re: Ipvs 0.9.3 : panic on heavy load : SOLVED., Lionel Bringuier
Indexes:  [Date] [Thread] [Top] [All Lists]