RHEL 8.5 PPTP NAT 穿越

RHEL 8.5 PPTP NAT 穿越

内网主机-----RHEL 8.5 ----PPTP Server

windows 11 pptp拨号经过linux不通，查了很长时间没解决，最后在centos社区找到线索
https://forums.centos.org/viewtopic.php?t=63180

需要在RHEL Linux进行配置

临时生效
sysctl -w net.netfilter.nf_conntrack_helper=1
modprobe ip_nat_pptp

永久生效
vi /etc/sysconfig/iptables-config
modprobe ip_nat_pptp #增加

vi /etc/sysctl.conf
net.netfilter.nf_conntrack_helper=1 #增加

附上我的iptables规则

[root@localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 2051 packets, 402K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 596K packets, 731M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 425 packets, 83680 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@localhost ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3274 packets, 324K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 102 packets, 22361 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 77 packets, 5722 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2439  185K MASQUERADE  all  --  *      enp3s0  192.168.50.0/24      0.0.0.0/0

Chain OUTPUT (policy ACCEPT 77 packets, 5722 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@localhost ~]#

[root@localhost ~]# cat vi /etc/sysctl.conf
cat: vi: No such file or directory
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_helper=1
[root@localhost ~]#

[root@localhost ~]# cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
#IPTABLES_MODULES=""
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_pptp"


# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
#   Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"

# Set wait option for iptables-restore calls in seconds
#   Default: 600
# Set to 0 to deactivate the wait.
#IPTABLES_RESTORE_WAIT=600

# Set wait interval option for iptables-restore calls in microseconds
#   Default: 1000000
# Set to 100000 to try to get the lock every 100000 microseconds, 10 times a
# second.
# Only usable with IPTABLES_RESTORE_WAIT > 0
#IPTABLES_RESTORE_WAIT_INTERVAL=1000000
[root@localhost ~]#

祝好运，如不行多Google