Port forwarding the connections from PPTP VPN
Posted: Tue Nov 10, 2015 11:52 am
As stated in the topic title, I'm having problems port forwarding connections coming from PPTP VPN.
I establish the connection with the PPTP plugin, no problems there. But now I need to forward for example a connection to a VNC server that is on a device connected to the Gargoyle router which established the PPTP connection.
Using the regular port forwarding doesn't work, so I guess I need to change something in /etc/config/firewall?
I tried doing this:
*Yes, the server is on 5901.
I establish the connection with the PPTP plugin, no problems there. But now I need to forward for example a connection to a VNC server that is on a device connected to the Gargoyle router which established the PPTP connection.
Using the regular port forwarding doesn't work, so I guess I need to change something in /etc/config/firewall?
I tried doing this:
Code: Select all
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config zone 'vpnpptp_zone'
option name 'vpnpptp'
option network 'vpnpptp'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
option masq '1'
config forwarding 'vpnpptp_lan_forwarding'
option src 'lan'
option dest 'vpnpptp'
[b]config redirect
option src 'vpnpptp'
option src_dport '5900'
option proto 'tcp'
option dest 'lan'
option dest_ip '192.168.0.22'
option dest_port '5901'[/b]