I'm setting up access to a pptp server that is located on the interior side
of an iptables-based firewall. So far the examples I've found on the web all
describe situations where the client is on the inside of the firewall with
the pptp server somewhere on the internet.
So far I have a NAT entry as follows:

  orig src.  orig dst.        orig srv  trans src  trans dst      trans srv
  any        220.127.116.11   any       original   192.168.0.10   original

and a policy of:

  source  destination    service             action
  any     192.168.0.10   pptp-udp, pptp-tcp  accept

When I initiate the pptp session from the outside client, I'm seeing traffic
in both directions on port 1723. Then the traffic changes to
gre-proto-0x880B and only goes from the client to the server with no traffic
from the server to the client.
First question is, is what I have above sufficient for this type of
endeavour? Second question is, any ideas or references that would help me
out on this?