[CentOS] OT: routing between eth0 and ppp0 WITHOUT NAT

James Pifer

jep at obrien-pifer.com
Mon Mar 13 13:04:56 UTC 2006


Sorry to post this here, but since last week I've posted to Fedora's
mailing list, pptp-devel's list, and linuxgeneral forum. No one has
given much for answers, or the people that have replied have not
understood what I'm looking for. Hoping someone here can. For the
record, I'm doing this on FC3 not CentOS. Anyway, if anyone can provide
assistance I would be very appreciative.

I'm trying to setup linux as a router instead of a MASQ/NAT over a VPN.
So I'm trying to "connect" to private networks using the VPN as the
conduit. 

Here are the details:

On a Fedora Core 3 machine
	1) running pptpclient
	2) pptpclient is configured to do "LAN to LAN"
	3) machine set to act as a router:
	   /proc/sys/net/ipv4/ip_forward is set to 1

After I make the pptp connection I do: iptables -F

When I try to use the connection the machine is still doing NAT. 

So next I also do: iptables -t nat -F

Now, that breaks it so other machines cannot access the remote network
at all, even though the static routes are still in place. For example, I
have a windows machine that can access the remote network before blowing
the nat table away. After blowing the nat table away, if I do a tracert
on the windows machine, the tracert stops at the internal nic (eth0) of
the FC3 pc with the vpn connection. It is also setup as a router. So it
never does an routing. 

I've also played with lots of different rules found on the net for
dealing with H323 over iptables and have had no success. I've also
loaded ip_conntrack and that did not make a difference. 

So the FC3 machine, with a connection to eth0 and ppp0, plus set to act
as a router, does not appear to act as a router between eth0 and ppp0. 

Is it possible to make it be a router between eth0 and ppp0 WITHOUT
masquerade? Just be a router.... We have routes on the other side
telling the routers how to reach my internal network. 

To ask the question why? I have an IPPhone that does not work through
iptables. In the past I used IPCop as my firewall and connect to my
company with branch office VPN. The VPN was great and super stable, but
the IPPhone would connect once in a while at best. Research showed the
problem was iptables. I now have a hardware router that does branch
office and the phone works pretty well. I want to try and get it to work
with the above scenrio so I can take the phone with me on the road. I
would like to pptp vpn using laptop's wireless NIC. Then have the phone
directly connected to the 10/100 NIC with a crossover cable. Maybe I'm
in a dreamland and this is not possible, I don't know.

Any assistance is appreciated. 

James




More information about the CentOS mailing list