Home > linux > L2TP iptables port forward

L2TP iptables port forward

June 14Hits:12

I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something.

The VPN server is using a pre-shared key (L2TP) and give's out an IP in the range: Local network range is

I added the route: with route add -net netmask gw (the vpn server)

iptables -t nat -A PREROUTING -p udp --dport 1701 -i eth0 -j DNAT --to iptables -A FORWARD -p udp --dport 1701 -j ACCEPT iptables -t nat -A PREROUTING -p udp --dport 500 -i eth0 -j DNAT --to iptables -A FORWARD -p udp --dport 500 -j ACCEPT iptables -t nat -A PREROUTING -p udp --dport 4500 -i eth0 -j DNAT --to iptables -A FORWARD -p udp --dport 4500 -j ACCEPT iptables -t nat -A PREROUTING -p 50 -j DNAT --to iptables -A FORWARD -p 50 -j ACCEPT iptables -t nat -A PREROUTING -p 51 -j DNAT --to iptables -A FORWARD -p 51 -j ACCEPT 

The whole iptables script is (without the line's from above):

    echo 1 > /proc/sys/net/ipv4/ip_forward     echo 1 > /proc/sys/net/ipv4/tcp_syncookies              #Flush table's             iptables -F INPUT             iptables -F OUTPUT             iptables -F FORWARD             iptables -t nat -F              #Drop traffic             iptables -P INPUT DROP             iptables -P FORWARD DROP             iptables -P OUTPUT ACCEPT              #verkeer naar buiten toe laten en nat aanzetten             iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT             iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT             iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE              #RDP forward voor windows servers             iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth0 -j DNAT --to             iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT             iptables -t nat -A PREROUTING -p tcp --dport 3340  -i eth0 -j DNAT --to             iptables -A FORWARD -p tcp --dport 3340 -j ACCEPT              #toestaan SSH verkeer             iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to-destination             iptables -A INPUT -p tcp --dport 22 -j ACCEPT              #toestaan verkeer loopback             iptables -A INPUT -i lo -j ACCEPT              #toestaan lokaal netwerk             iptables -A INPUT -i eth1 -j ACCEPT              #accepteren established traffic             iptables -A INPUT -i eth0 --match state --state RELATED,ESTABLISHED -j ACCEPT          #droppen ICMP boodschappen         iptables -A INPUT -p icmp -i eth0 -m limit --limit 10/minute -j ACCEPT         iptables -A INPUT -p icmp -i eth0 -j REJECT      ifconfig eth1     ifconfig eth0 XXXXXXXXXXXXX/30     ifconfig eth0 up     ifconfig eth1 up     route add default gw XXXXXXXXXXXXXXXXXXX     route add -net netmask gw 


Please run a tcpdump session while doing the test and also look at the counters from iptables -L -nv before and after the test.

The solution: iptables -A FORWARD -p udp --sport 1701 -j ACCEPT

If you are behind a Firewall and NAT you might be looking for: http://support.microsoft.com/kb/885407/en-us

Related Articles

  • L2TP iptables port forwardJune 14

    I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server

  • iptables port forward + nginx redirect problemMay 28

    Here is my network browser => proxy(iptables port forward) => nginx server proxy:, forward to nginx server: nginx version:0.7.65 debian testing in nginx settings, I set: server_name

  • NAT Gateway, Iptables, Port Forwarding, DNS And DHCP Setup - Ubuntu 8.10 ServerAugust 22

    Used this howto: NAT Gateway, Iptables, Port Forwarding, DNS And DHCP Setup - Ubuntu 8.10 Server but I have a problem. I have added to this iSCSI and SAMBA. iSCSI seems to be working, but SAMBA doesn't. If I turn off the firewall it works, so I guess

  • iptables port forwarding on debianJune 17

    I'm trying to setup a simple port forwarding firewall and I can't make the basic non-firewall configuration to work. I have setup the iptables script as follows #!/bin/sh # interfaces LAN="eth1" WAN="eth0" # enable forwarding echo 1 &g

  • Iptables port forward

    Iptables port forwardJanuary 7

    My ISP block pop3 port 110 & smtp port 25. I have own VPS mail server and i would like to use pop3 email. How can i listen pop3 on both 443 & 110. I have enable the forwarding in /proc/sys/net/ipv4/ip_forward file. Type this command in shell >&

  • make local only daemon listening on different interface (using iptables port forwarding)?March 22

    i have a daemon program which listens on i need to access it when i connect to my box with vpn. so i want it to listen on the ppp0 interface too. i've tried the "ssh -L" method. it works, but i don't think it's the right way to d

  • iptables port forward forwardingSeptember 16

    I'm trying to do some simple tcp port forwarding [[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward 0 [[email protected] ~]# /bin/echo 1 > /proc/sys/net/ipv4/ip_forward [[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward 1 [[email protected] ~

  • Iptables port forwarding on OpenVZ CEntOS containerNovember 12

    I am trying to setup a simple port forwarding on an OpenVZ container that is running CentOS 5.5. When I run a command I get errors. iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables v1.3.5: can't initialize iptables

  • How do I access my WAN IP internally according to my existing iptables port forwarding rules? April 14

    This question already has an answer here: Loopback to forwarded Public IP address from local network - Hairpin NAT 8 answers I have IPTABLES newly set up on my Debian Squeeze server and I have IP masquerading and port forwarding working successfully

  • Ubuntu 11.04 server iptables port forwardingJuly 1

    I'm pretty new to iptables. My server has two Ethernet cards (eth0, eth1) and an ADSL router that is in bridge mode connected to the eth0 which created ppp0 when dialed. I'm trying to forward external port 80 to my local machine ( connect

  • iptables port forwarding from load balancer to internal web serverOctober 7

    I'm having trouble with forwarding 8000 port from my load balancer (the only entry point with external IP address) to a web server (to port 8000) that has internal IP. So I need XX.XX.XX.XX:8000 -> YY.YY.YY.YY:8000 where XX.XX.XX.XX is external ip an

  • how do i check iptables port forwarding rules

    how do i check iptables port forwarding rulesDecember 22

    i've tried to get port forwarding working on a machine. I've read many topics here regarding that problem, but i can't get it work. Plan is to get all incoming traffic on ppp0 on port 5000 forwarded to a device on eth0. Here are the Rules i have trie

  • iptables: Port forwarding with masquerading is not workingMay 6

    I'm having some issues with my port forwards. NAT seems to work ok and one out of the port forwards seem to work (udp port 7887 to machine But not the others. I doubt that it matters, but eth1 & eth2 are located on a dualport NIC. WAN

  • Iptables port forward tftpdAugust 10

    i need to forward incoming port 69 to port 2112 with iptables on linux. i don't need any NAT etc. just accept incoming connections to port 2112 like it be 69 pot. Thank you! --------------Solutions------------- This should do what you want iptables -

  • iptables port forwarding for active UDP connectionsAugust 26

    I am trying to set up port forwarding on UDP from port 12345 to port 54321 using the following: iptables -t nat -A PREROUTING -p udp -i eth0 -d --dport 12345 -j DNAT --to iptables -A FORWARD -p udp -i eth0 -d

  • Iptables port forwarding - what am I doing wrong?September 10

    I am trying to set up port forwarding with iptables. I've read several stuff (including here on serverfault) but every example I try fails. I have a Debian GNU/Linux box with a globally routed IP address, say I also have an internal network

  • iptables port forwarding A - B - AFebruary 4

    I have a host machine(A) with lxc-container(B). A's local ip address is and public ip, let's say B's local ip address is I need to be forwarded to and I created the following rules for that: ipt

  • IPTables port forwarding keep originating IP addressFebruary 13

    I'm hoping someone can help me with this configuration. I already have a working setup where a Linux box is acting as a router just doing port forwarding for public IP's. These are all public IP's btw. HOST_x - Can be any host with public IP. (ex: x.

  • iptables Port Forwarding Not WorkingJune 18

    I have a server that I configured to be a router (Debian 7 Stable). eth0 is hooked up to my cable modem, and eth1 is hooked up to a 24-port switch. DHCP,DNS,Routing,Traffic all work fine. The only thing I can't seem to get working is port forwarding.

  • IPTables port forward Remote mysql to localhostJune 23

    i have a MySQL server1.1.1.1 and I need port 3306 in port forward to my secondary server I don't have access to MySQL server. i have tried iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to how will

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.414 s.