Cisco PIX 501 and PPTP VPN server port forwarding

19 03 2008

In the following example I am configuring port forwarding to a Windows Server 2003 Standard Edition PPTP VPN server. My setup is shown in the diagram. I have a /28 network registered on the Internet, and 14 public IP addresses are available through the SDSL ISP modem. The SDSL modem provides these IP addresses from its internal DHCP server. For the Cisco PIX 501 firewall I am using a manually assigned public IP address.


In the CLI commands below I configure static NAT on a public IP address for TCP port 1723 (PPTP) and map it to the private IP address/hostname VPN-02, which is defined with the “name” command.

fixup protocol pptp 1723
name 192.168.5.35 VPN-02
access-list outside_access_in permit tcp any host 194.0.0.2
access-list outside_access_in permit gre any host 194.0.0.2
pdm location VPN-02 255.255.255.255 inside
static (inside,outside) tcp 194.0.0.2 pptp VPN-02 pptp netmask 255.255.255.255 0 0

What did I achieve with this configuration? After applying it I was able to connect from my Windows XP and Windows Vista clients with the built-in VPN client using the PPTP protocol. I used static port forwarding on TCP port 1723 and enabled the GRE IP protocol fixup with the “fixup protocol pptp 1723” command. Without the fixup for the PPTP protocol I was forced to translate the complete internal host (VPN-02) with all TCP ports. If you don’t apply the fixup, you will probably get an event log message like the one below.

Event Type:    Warning
Event Source:    Rasman
Event Category:    None
Event ID:    20209
Date:        3/18/2008
Time:        9:22:43 PM
User:        N/A
Computer:    VPN-02
Description:
A connection between the VPN server and the VPN client 87.0.0.1 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user’s network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.



Openfiler service fails to start

28 02 2008

At some point my lab Openfiler was assigned a static IP address and the iSCSI target stopped functioning; it was also no longer reachable through the web interface on TCP port 446. Several reboots did not solve the problem.

What happened? The network interface configuration was changed: one of the eth config files was switched from DHCP to a static IP address.

vi /etc/sysconfig/network

[root@net-nas-01 sysconfig]# cat network
NETWORKING=yes
HOSTNAME=net-nas-01.networknet.nl
GATEWAY=192.168.100.254

vi /etc/sysconfig/network-scripts/ifcfg-eth0

[root@net-nas-01 network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.100.12
BOOTPROTO=static
NETMASK=255.255.255.0
NETWORK=192.168.100.0
GATEWAY=192.168.100.254
BROADCAST=192.168.100.255
ONBOOT=yes

The Openfiler service shows as failed when you check the services (# service --status-all). The problem is that the Openfiler service checks the FQDN in the hosts file located in the /etc directory.

[root@net-nas-01 ~]# service openfiler --full-restart
Stopping openfiler:                                        [FAILED]
Starting openfiler:                                        [FAILED]
[root@net-nas-01 ~]# service openfiler -configtest
Usage: openfiler {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}
[root@net-nas-01 ~]# service openfiler configtest
httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK
[root@net-nas-01 ~]# cd /etc
[root@net-nas-01 etc]# cat hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost

Now modify the hosts file: run vi /etc/hosts and make sure the FQDN entries for 127.0.0.1 and the static IP address are set correctly.


[root@net-nas-01 etc]# service openfiler --full-restart
Stopping openfiler:                                        [FAILED]
Starting openfiler:                                        [  OK  ]
[root@net-nas-01 etc]# cat hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1                 net-nas-01.networknet.nl
192.168.100.12            net-nas-01.networknet.nl
[root@net-nas-01 etc]#
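As an added example (not the post's own script), a small POSIX shell check for the root cause described above: it reads HOSTNAME from /etc/sysconfig/network and IPADDR from the ifcfg file and confirms that both 127.0.0.1 and the static address map to that FQDN in /etc/hosts. The file paths are parameters and the sample files are constructed inline, so it runs without an Openfiler box.

```shell
#!/bin/sh
# Added example (not from the post): verify that the FQDN from
# /etc/sysconfig/network is mapped in /etc/hosts to both 127.0.0.1 and the
# static IPADDR from the ifcfg file, which is what the Openfiler init script
# trips over. File paths are parameters so it can run on constructed samples.
check_fqdn_hosts() {
    net_file=$1; ifcfg_file=$2; hosts_file=$3
    fqdn=$(sed -n 's/^HOSTNAME=//p' "$net_file")
    ipaddr=$(sed -n 's/^IPADDR=//p' "$ifcfg_file")
    [ -n "$fqdn" ] || { echo "no HOSTNAME= in $net_file"; return 1; }
    [ -n "$ipaddr" ] || { echo "no IPADDR= in $ifcfg_file"; return 1; }
    rc=0
    for ip in 127.0.0.1 "$ipaddr"; do
        # Drop comments, then require a line whose first field is $ip and
        # whose remaining fields (the names) include the FQDN.
        if ! sed 's/#.*//' "$hosts_file" | awk -v ip="$ip" -v h="$fqdn" '
                $1 == ip { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                END { exit found ? 0 : 1 }'; then
            echo "missing: $ip $fqdn"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files mirroring the post: the broken hosts file maps
# 127.0.0.1 only to localhost (a commented-out line must not count), the
# repaired one maps both addresses to the FQDN.
demo_dir=$(mktemp -d)
printf 'NETWORKING=yes\nHOSTNAME=net-nas-01.networknet.nl\n' > "$demo_dir/network"
printf 'DEVICE=eth0\nIPADDR=192.168.100.12\nBOOTPROTO=static\n' > "$demo_dir/ifcfg-eth0"
printf '# 127.0.0.1 net-nas-01.networknet.nl\n127.0.0.1 localhost.localdomain localhost\n' \
    > "$demo_dir/hosts.broken"
printf '127.0.0.1 net-nas-01.networknet.nl\n192.168.100.12 net-nas-01.networknet.nl\n' \
    > "$demo_dir/hosts.fixed"

for h in hosts.broken hosts.fixed; do
    if check_fqdn_hosts "$demo_dir/network" "$demo_dir/ifcfg-eth0" "$demo_dir/$h"; then
        echo "$h: OK, openfiler should start"
    else
        echo "$h: fix /etc/hosts before restarting openfiler"
    fi
done
```

On a live box, call check_fqdn_hosts with /etc/sysconfig/network, /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/hosts before running service openfiler --full-restart.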

For more information go to the Openfiler website.