1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help with IPTABLES

Discussion in 'DD-WRT Firmware' started by Bent_e, Aug 19, 2005.

  1. Bent_e

    Bent_e Network Guru Member

    I have the following problem: I would like to run a PPTP VPN server on my WRT54G so I can VPN into my local LAN, but I also need to be able to connect to my company VPN (PPTP) from my local LAN. When I set up the PPTP server on my WRT54G, I can VPN perfectly into my local LAN. If I disables the PPTP server I can connect perfectly to my company VPN. BUT when the PPTP server is enabled, I cannot connect to my company VPN, because my PPTP server intercepts the GRE protocol traffic.

    I have tried to set up iptables so it will forward GRE protocol traffic comming from my company VPN to my laptop (on my LAN), so that for this specific IP address I bypass the PPTP server. I this possible - and how?

    Best regards,

  2. 4Access

    4Access Network Guru Member

    What version router do you have? Maybe try the following rules: (untested)

    iptables -t nat -I PREROUTING 1 -i vlan1 -s <Company VPN Server IP> -p 47 -j DNAT --to-destination <Your Laptop IP>

    iptables -I FORWARD 2 -s <Company VPN Server IP> -d <Your Laptop IP> -p 47 -j ACCEPT

    If you've got hardware version 1.x you'll probably need to replace "vlan1" with "eth1"

    Let me know how it goes!
  3. Bent_e

    Bent_e Network Guru Member

    It works perfectly! Thanks a million! I was on the right track, but I didn't figure putting in the "-i vlan1" part of the first command and I had no success up til now.

    I have put the lines in rc_startup with a sleep 20 at the top so now it also works if I have to restart the router.

    Thanks again!!

    Best regards,


    PS: I have v2.2 hardware, so vlan1 works good for me.
  4. 4Access

    4Access Network Guru Member

    That's great news! Glad you got it working. :thumb:
  5. cedlille

    cedlille Guest

    Is it possible to allow a range of IP for exemple [ ->] ???

    Because in this example only ONE ip is allowed to connect.

    I'm not easy with Iptable but i'm sure some of you are !!!

    Many Thanks
  6. sufrano63

    sufrano63 Network Guru Member

Share This Page