Security Basics mailing list archives

PPTP Connection sharing behind NAT


From: "J. Theriault" <administrator () maginetworks com>
Date: Sun, 7 Jan 2007 14:59:47 +0100 (MET)


Hello,


I would like to set up a Linux machine to route connections over a PPTP connection to a secondary ISP inside a pre-existing network, so that internal machines generally use the "standard" ISP connection, and others can be configured to use the Linux machine's PPTP connection as a gateway/tunnel for their internet access.

I have no previous practical experience with PPTP and most of the Linux PPTP documentation seems quite daunting, so if anyone knows a simple way to do this, I'd appreciate any help or advice before I get started.

-----

So far, I'm visualizing it like so:

U = Standard Unencrypted connection
E = PPTP Encryption connection

------------     -------     ----------           -----------
| Internet |--U--| ISP |--U--| Router |-----U-----| Clients |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|       E--|--E--|--E--|--E--|----E   |           |         |
------------     -------     ----------           -----------
    |   |                WAN DHCP/LAN 10.0.0.1    (10.0.0.0/8)
    U   E                         |
    |   |                         E
  ---------                       |
  | ISP-2 |                       E   ----------   -----------
  ---------                       |-E-| Linux* |-E-| Clients |
                                      ----------   -----------
                                                  (192.168.0.0/24)

* Linux (Ubuntu 6.10):

WAN: 10.0.1.0/8 (For PPTP connection both DNS/routing are required)
LAN: 192.168.0.0/24 (For the few clients who are to use ISP-2)
PPP: PPTP connection to ISP-2

IPTables:
 - Incoming from WAN/PPP blocked
 - Outgoing LAN to WAN blocked
 - Outgoing LAN to PPP passed

Routing/DNS forwarding: Set to use ISP-2's gateway and DNS for all

-----

So, does anyone know a simple way to do this, such as if m0n0wall (which has support for a PPTP WAN but does not seem to allow me to set DNS or gateway options to be able to resolve and contact the PPTP server in the first place to establish the connection) can be configured to do this, or is there going to be a lot of trial and error? ;)


Thank you,

Joseph Theriault
administrator () maginetworks com
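As an added example that is not part of the original post (and not something the poster ran), here is one way to express the IPTables policy, forwarding and routing sketched above on the Linux box. Interface names eth0 (WAN, 10.0.0.0/8 side), eth1 (LAN, 192.168.0.0/24) and ppp0 (PPTP), the existing router at 10.0.0.1 as the WAN gateway, and the PPTP server address 198.51.100.1 are assumptions; the server address is a placeholder to be replaced with ISP-2's. By default the script only prints the commands it would run.

```shell
#!/bin/sh
# Firewall and routing policy for the Linux PPTP gateway sketched in the post.
# Added example, not the poster's own configuration. Assumptions (not in the post):
#   WAN_IF=eth0 on the 10.0.0.0/8 side, LAN_IF=eth1 on 192.168.0.0/24, PPP_IF=ppp0,
#   the existing router at 10.0.0.1, and a placeholder PPTP server address.
# By default every command is only printed (IPT="echo iptables", etc.);
# run as root with IPT=iptables IP=ip SYSCTL=sysctl to apply for real.
set -u
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PPP_IF="${PPP_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
WAN_GW="${WAN_GW:-10.0.0.1}"
PPTP_SERVER="${PPTP_SERVER:-198.51.100.1}"   # placeholder: ISP-2's PPTP server
IPT="${IPT:-echo iptables}"
IP="${IP:-echo ip}"
SYSCTL="${SYSCTL:-echo sysctl}"

enable_forwarding() {
  $SYSCTL -w net.ipv4.ip_forward=1
  # Reverse-path filtering: discard packets whose source address would not be
  # routed back out the interface they arrived on (e.g. LAN addresses from WAN/PPP).
  $SYSCTL -w net.ipv4.conf.all.rp_filter=1
}

set_routes() {
  # The PPTP server itself must stay reachable through the existing router,
  # otherwise the tunnel cannot come up once the default route points into it.
  $IP route replace "$PPTP_SERVER" via "$WAN_GW" dev "$WAN_IF"
  # pppd's 'defaultroute' option then installs the default route over ppp0
  # when the link comes up, sending everything else via ISP-2.
}

build_rules() {
  $IPT -F INPUT
  $IPT -F FORWARD
  $IPT -t nat -F POSTROUTING
  # Default-deny for traffic to the box and through the box.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Management of the box only from the LAN side.
  $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
  # "Incoming from WAN/PPP blocked": log new connection attempts, then the DROP policy applies.
  $IPT -A INPUT -i "$WAN_IF" -m state --state NEW -j LOG --log-prefix "wan-in-drop: "
  $IPT -A INPUT -i "$PPP_IF" -m state --state NEW -j LOG --log-prefix "ppp-in-drop: "

  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # "Outgoing LAN to WAN blocked": also makes the setup fail closed if the tunnel
  # drops and the default route falls back to the WAN, instead of leaking via ISP-1.
  $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j REJECT
  # "Outgoing LAN to PPP passed", but only for the LAN prefix this box owns.
  $IPT -A FORWARD -i "$LAN_IF" -o "$PPP_IF" -s "$LAN_NET" -j ACCEPT
  # New flows from WAN/PPP towards the LAN fall through to the DROP policy.

  # LAN clients leave with the tunnel's address.
  $IPT -t nat -A POSTROUTING -o "$PPP_IF" -s "$LAN_NET" -j MASQUERADE
}

apply_all() {
  enable_forwarding
  set_routes
  build_rules
}

apply_all
```

The explicit LAN-to-WAN REJECT is the rule worth keeping even if the rest is simplified: without it, a dropped PPTP link plus a default route back through 10.0.0.1 would quietly send the "ISP-2 only" clients out over the standard ISP. The firewall only controls which traffic enters the tunnel; the tunnel's own protection is whatever PPTP/MPPE provides, which has long been regarded as weak.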
