Changes to firewall broke my VPN?
Posted: Wed Oct 29, 2014 6:13 pm
Hi
I updated my Gargoyle firmware recently, and now I notice that I can no longer connect to my home PPTP VPN server.
Previously, I had entries in /etc/firewall.user to pass TCP port 1723 and all GRE packets to my VPN server at local address 192.168.11.3, so my /etc/firewall.user file looked thus:
Code:
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
## PPTP: forward initiator 1723/tcp
iptables -t nat -A prerouting_wan -p tcp --dport 1723 -j DNAT --to 192.168.11.3
iptables -A forwarding_wan -p tcp --dport 1723 -d 192.168.11.3 -j ACCEPT
## PPTP: forward tunnel GRE traffic
iptables -t nat -A prerouting_wan -p gre -j DNAT --to 192.168.11.3
iptables -A forwarding_wan -p gre -d 192.168.11.3 -j ACCEPT
Well, the file is still the same, but I notice that now, any of those iptables commands results in an error:
Code:
root@Gargoyle:~# iptables -t nat -A prerouting_wan -p tcp --dport 1723 -j DNAT --to 192.168.11.3
iptables: No chain/target/match by that name.
root@Gargoyle:~# iptables -A forwarding_wan -p tcp --dport 1723 -d 192.168.11.3 -j ACCEPT
iptables: No chain/target/match by that name.
root@Gargoyle:~# iptables -t nat -A prerouting_wan -p gre -j DNAT --to 192.168.11.3
iptables: No chain/target/match by that name.
root@Gargoyle:~# iptables -A forwarding_wan -p gre -d 192.168.11.3 -j ACCEPT
iptables: No chain/target/match by that name.
root@Gargoyle:~#
Anyone know what's changed and how do I fix it?
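Added example, not part of the original post: iptables prints "No chain/target/match by that name" when any one of the three is missing, so a first check is whether the chains the rules append to are still declared in the running ruleset. The script below does that check against `iptables -S` style dumps; the dump contents and the `constructed_*` chain names are constructed placeholders, and on a router the dumps would come from `iptables -S` and `iptables -t nat -S`.

```shell
#!/bin/sh
# Constructed dumps in `iptables -S` format (placeholder chain names,
# not taken from any firmware release).
NAT_DUMP='-P PREROUTING ACCEPT
-N constructed_nat_chain
-A PREROUTING -j constructed_nat_chain'
FILTER_DUMP='-P FORWARD DROP
-N constructed_fwd_chain
-A FORWARD -j constructed_fwd_chain'

# The four rules from /etc/firewall.user in the post.
RULES='iptables -t nat -A prerouting_wan -p tcp --dport 1723 -j DNAT --to 192.168.11.3
iptables -A forwarding_wan -p tcp --dport 1723 -d 192.168.11.3 -j ACCEPT
iptables -t nat -A prerouting_wan -p gre -j DNAT --to 192.168.11.3
iptables -A forwarding_wan -p gre -d 192.168.11.3 -j ACCEPT'

# chain_exists DUMP CHAIN: succeed if DUMP declares CHAIN
# (-N for a user-defined chain, -P for a built-in one).
chain_exists() {
    printf '%s\n' "$1" | awk -v c="$2" \
        '($1 == "-N" || $1 == "-P") && $2 == c { found = 1 } END { exit !found }'
}

# rule_table_chain RULE: print "table chain" for one iptables -A/-I command.
rule_table_chain() {
    set -f; set -- $1; set +f          # split the rule into words, no globbing
    table=filter chain=                # iptables defaults to the filter table
    while [ $# -gt 0 ]; do
        case $1 in
            -t) table=$2; shift ;;
            -A|-I) chain=$2; shift ;;
        esac
        shift
    done
    printf '%s %s\n' "$table" "$chain"
}

# missing_chains RULES NAT_DUMP FILTER_DUMP: print each unique "table chain"
# that RULES refers to but the matching dump does not declare.
# Only the nat and filter tables are handled here.
missing_chains() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        case $rule in iptables\ *) ;; *) continue ;; esac
        tc=$(rule_table_chain "$rule")
        case ${tc%% *} in nat) dump=$2 ;; *) dump=$3 ;; esac
        chain_exists "$dump" "${tc#* }" || printf '%s\n' "$tc"
    done | sort -u
}

missing_chains "$RULES" "$NAT_DUMP" "$FILTER_DUMP"
```

If every referenced chain is present, the remaining candidates for the error are the target (`-j DNAT`) or a match extension (`--dport`).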