From fb33fd9aa1f42ce80f8cbd4601f771e3413b1e82 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 26 Sep 2006 21:16:20 +0000
Subject: [PATCH] Add /etc/shorewall/masq entry to PPTP server behind firewall
 with special external address

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4587 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/PPTP.xml | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/docs/PPTP.xml b/docs/PPTP.xml
index 488476f70..31d5f043b 100644
--- a/docs/PPTP.xml
+++ b/docs/PPTP.xml
@@ -561,6 +561,18 @@ DNAT         net            loc:<emphasis>&lt;server address&gt;</emphasis>  47<
 #                                                                              PORT(S)         DEST
 DNAT         net            loc:<emphasis>&lt;server address&gt;</emphasis>  tcp         1723             -               <emphasis>&lt;external address&gt;</emphasis>
 DNAT         net            loc:<emphasis>&lt;server address&gt;</emphasis>  47          -                -               <emphasis>&lt;external address&gt;</emphasis></programlisting>
+
+    <para>You will also want to add this entry to your
+    <filename>/etc/shorewall/masq</filename> file:</para>
+
+    <programlisting>#INTERFACE             SUBNET             ADDRESS               PROTO
+&lt;<emphasis>external interface</emphasis>&gt;   &lt;<emphasis>server address</emphasis>&gt;   &lt;<emphasis>external address</emphasis>&gt;    47</programlisting>
+
+    <important>
+      <para>Be sure that the above entry comes <emphasis
+      role="bold">before</emphasis> any other entry that might match the
+      server's address.</para>
+    </important>
   </section>
 
   <section id="ClientsBehind">
@@ -802,12 +814,13 @@ restart_pptp &gt; /dev/null 2&gt;&amp;1 &amp;</programlisting>
     <title>PPTP Client running on your Firewall with PPTP Server in an ADSL
     Modem</title>
 
-    <para>Some ADSL systems in Europe (most notably in Austria and the Netherlands) feature a PPTP
-    server built into an ADSL <quote>Modem</quote>. In this setup, an ethernet
-    interface is dedicated to supporting the PPTP tunnel between the firewall
-    and the <quote>Modem</quote> while the actual internet access is through
-    PPTP (interface ppp0). If you have this type of setup, you need to modify
-    the sample configuration that you downloaded as described in this section.
+    <para>Some ADSL systems in Europe (most notably in Austria and the
+    Netherlands) feature a PPTP server built into an ADSL
+    <quote>Modem</quote>. In this setup, an ethernet interface is dedicated to
+    supporting the PPTP tunnel between the firewall and the
+    <quote>Modem</quote> while the actual internet access is through PPTP
+    (interface ppp0). If you have this type of setup, you need to modify the
+    sample configuration that you downloaded as described in this section.
     <emphasis role="bold">These changes are in addition to those described in
     the <ulink url="shorewall_quickstart_guide.htm">QuickStart
     Guides</ulink>.</emphasis></para>