13th February 2008, 03:58 PM #1
VPN with Transparent Proxy
I've got a PPTP VPN server set up on my Windows 2003 domain controller at my house. The DC is behind the transparent proxy, so how can I make the VPN work correctly externally? I've just tried opening port 1723 and 47 on the router and forwarding them to the transparent proxy, which should then destination-NAT those packets to the DC. I tried the following iptables rules:
Code:
-A PREROUTING -p tcp -m tcp -i eth0 --dport 1723 -j DNAT --to-destination 192.168.2.36:1723
-A PREROUTING -p tcp -m tcp -i eth0 --dport 47 -j DNAT --to-destination 192.168.2.36:47
The DC is on IP 192.168.2.36, and the transparent proxy has 192.168.2.34 and 192.168.1.34, with the router having 192.168.1.1.
-
-
13th February 2008, 04:31 PM #2
Most transparent proxies automatically pick up any traffic on port 80 and automatically forward it.
Unless you're using AOheLL, you should configure your router to forward port 1723 to your VPN server (your domain controller).
Make sure your router supports the GRE protocol. The GRE protocol is called protocol 47 and is NOT the same as port 47. What are you using as your router??
-
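Added example, not part of any post in this thread: a small shell/awk check for the point made in post #2, that GRE is IP protocol 47 and not TCP port 47. The first rule set is copied from post #1; the corrected rule set and the function name check_pptp_rules are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: lint iptables-save style DNAT rules for PPTP forwarding.
# PPTP needs TCP 1723 (control) plus GRE, which is IP protocol 47, not a port.

# The two rules as posted in post #1.
POSTED_RULES='-A PREROUTING -p tcp -m tcp -i eth0 --dport 1723 -j DNAT --to-destination 192.168.2.36:1723
-A PREROUTING -p tcp -m tcp -i eth0 --dport 47 -j DNAT --to-destination 192.168.2.36:47'

# Assumed correction: GRE matched by protocol, so no --dport and no :port.
FIXED_RULES='-A PREROUTING -i eth0 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.2.36:1723
-A PREROUTING -i eth0 -p gre -j DNAT --to-destination 192.168.2.36'

# Reads rules on stdin, prints one finding per problem, returns 0 only if clean.
check_pptp_rules() {
    awk '
    function opt(name,   i) {            # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" && opt("-j") == "DNAT" {
        proto = opt("-p"); port = opt("--dport"); dst = opt("--to-destination")
        sub(/:.*/, "", dst)              # keep only the host part
        if ((proto == "tcp" || proto == "udp") && port == "47") {
            print "line " NR ": " proto " port 47 is not GRE; use -p gre (IP protocol 47)"
            bad = 1
        }
        if (proto == "tcp" && port == "1723") ctrl[dst] = NR
        if (proto == "gre" || proto == "47") gre[dst] = 1
    }
    END {
        for (d in ctrl) if (!(d in gre)) {
            print "line " ctrl[d] ": TCP 1723 goes to " d " but no GRE rule does"
            bad = 1
        }
        exit bad + 0
    }'
}

# Run both rule sets through the check.
printf '%s\n' "$POSTED_RULES" | check_pptp_rules || echo "posted rules: need fixing"
printf '%s\n' "$FIXED_RULES" | check_pptp_rules && echo "fixed rules: ok"
```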
-
13th February 2008, 05:06 PM #3
Yes, I know it picks up on port 80.
I can't forward it to the Domain Controller because it's behind the proxy on a different address (the router is on 192.168.1.1 and the DC is on 192.168.2.34); the router only allows me to enter addresses in the 192.168.1.* range.
The router's a Linksys AG241.
-
-
14th February 2008, 09:18 AM #4
Assign the router a new IP address in the 192.168.2.* range?
Orrr just add another IP address to the domain controller of 192.168.1.34; that way you don't have to reconfigure anything.
Point the router at the 192.168.1.34 range.
Your router does support PPTP passthrough, so use that.
I'd be careful when considering configuring your VPN. Are you sure that everything is locked down correctly? Once enabled, it's not just your users that can connect to it.
You may need a new password policy and lockout policies.
-
-
14th February 2008, 09:33 AM #5
I think you are missing the point of "transparent proxy" - this tends to refer to a transparent *web* proxy, which has nothing to do with PPTP at all.
It also looks like you have one too many IP ranges there... is there a good reason for that?
A network diagram may help.
-
-
14th February 2008, 10:20 AM #6
An even better question would be: Why does your network run with class C ranges???
You'll be limited to only 254 computers per subnet, surely that's a bad thing :S.
-
-
14th February 2008, 04:18 PM #7
Originally Posted by greenfieldsupport:
An even better question would be: Why does your network run with class C ranges???
You'll be limited to only 254 computers per subnet, surely that's a bad thing :S.

It's my home network like I said...

Originally Posted by tom_newton:
I think you are missing the point of "transparent proxy" - this tends to refer to a transparent *web* proxy, which has nothing to do with PPTP at all.
It also looks like you have one too many IP ranges there... is there a good reason for that?
A network diagram may help.

I'll try to get one created in a bit using Visio.

Originally Posted by greenfieldsupport:
Assign the router a new IP address in the 192.168.2.* range?
Orrr just add another IP address to the domain controller of 192.168.1.34; that way you don't have to reconfigure anything.
Point the router at the 192.168.1.34 range.
Your router does support PPTP passthrough, so use that.
I'd be careful when considering configuring your VPN. Are you sure that everything is locked down correctly? Once enabled, it's not just your users that can connect to it.
You may need a new password policy and lockout policies.

How can I put another IP address on the DC? Would that require multiple NICs?