Sorry to post this here, but since last week I've posted to Fedora's mailing list, pptp-devel's list, and linuxgeneral forum. No one has given much for answers, or the people that have replied have not understood what I'm looking for. Hoping someone here can. For the record, I'm doing this on FC3 not CentOS. Anyway, if anyone can provide assistance I would be very appreciative.
I'm trying to set up Linux as a router instead of a MASQ/NAT over a VPN. So I'm trying to "connect" to private networks using the VPN as the conduit.
Here are the details:
On a Fedora Core 3 machine:
1) running pptpclient
2) pptpclient is configured to do "LAN to LAN"
3) machine set to act as a router: /proc/sys/net/ipv4/ip_forward is set to 1
After I make the pptp connection I do: iptables -F
When I try to use the connection the machine is still doing NAT.
So next I also do: iptables -t nat -F
Now, that breaks it so other machines cannot access the remote network at all, even though the static routes are still in place. For example, I have a Windows machine that can access the remote network before blowing the nat table away. After blowing the nat table away, if I do a tracert on the Windows machine, the tracert stops at the internal NIC (eth0) of the FC3 PC with the VPN connection. It is also set up as a router. So it never does any routing.
I've also played with lots of different rules found on the net for dealing with H323 over iptables and have had no success. I've also loaded ip_conntrack and that did not make a difference.
So the FC3 machine, with a connection to eth0 and ppp0, plus set to act as a router, does not appear to act as a router between eth0 and ppp0.
Is it possible to make it be a router between eth0 and ppp0 WITHOUT masquerade? Just be a router.... We have routes on the other side telling the routers how to reach my internal network.
To ask the question why? I have an IPPhone that does not work through iptables. In the past I used IPCop as my firewall and connect to my company with branch office VPN. The VPN was great and super stable, but the IPPhone would connect once in a while at best. Research showed the problem was iptables. I now have a hardware router that does branch office and the phone works pretty well. I want to try and get it to work with the above scenario so I can take the phone with me on the road. I would like to pptp vpn using laptop's wireless NIC. Then have the phone directly connected to the 10/100 NIC with a crossover cable. Maybe I'm in a dreamland and this is not possible, I don't know.
Any assistance is appreciated.
James