较高版本的 kernel 已经支持把 iptables(1.3.4 以上)所用的 pptp 支持以模块(mod)形式编译成 ko。
# Generated by iptables-save v1.3.5 on Thu Sep 10 23:58:52 2009
# NAT table of a gateway that passes GRE (the PPTP data channel) through to an
# internal host and source-NATs the 192.168.0.0/22 LAN.
# PUB_IP and OUT_IP are placeholders in this dump and must be replaced with real
# addresses before it is fed to iptables-restore.
# The bracketed numbers after each chain policy are [packets:bytes] counters.
# Rules are evaluated top-down and the first terminating target wins, so the
# order of the POSTROUTING rules below matters.
*nat
:PREROUTING ACCEPT [9304:966437]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [6:373]
# Inbound GRE addressed to PUB_IP is redirected to the internal host 192.168.1.63.
# NOTE(review): only GRE is DNATed here; no rule in this dump forwards the PPTP
# control channel (TCP 1723) - confirm how it reaches 192.168.1.63.
# NOTE(review): the match has no -i/-s restriction, so GRE from any source is
# forwarded inward; restrict it to known peers if the peer set is fixed.
-A PREROUTING -d PUB_IP -p gre -j DNAT --to-destination 192.168.1.63
# NAT exemption: LAN (192.168.0.0-192.168.3.255) to 192.168.4.0-192.168.7.255
# leaves with its original source address.
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -d 192.168.4.0/255.255.252.0 -j ACCEPT
# 192.168.3.40 lies inside the LAN /22 and gets the same --to-source as the
# catch-all rule that follows, so this rule does not change the outcome.
-A POSTROUTING -s 192.168.3.40 -d 192.168.254.0/255.255.255.0 -j SNAT --to-source OUT_IP
# Catch-all: every remaining packet sourced from the LAN /22 is SNATed to OUT_IP.
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -j SNAT --to-source OUT_IP
# NOTE(review): every later rule with -s 192.168.0.0/255.255.252.0 is shadowed by
# the catch-all SNAT above and can never match. That covers the next four rules
# and the final GRE rule.
# Exact duplicate of the exemption rule earlier in this chain.
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -d 192.168.4.0/255.255.252.0 -j ACCEPT
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -d 192.168.254.0/255.255.255.0 -j SNAT --to-source OUT_IP
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -d 192.168.233.0/255.255.255.0 -j SNAT --to-source OUT_IP
# NOTE(review): 111.111.2.0 has host bits set under mask 255.255.240.0; the
# effective range would be 111.111.0.0-111.111.15.255 - confirm the intended prefix.
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -d 111.111.2.0/255.255.240.0 -j SNAT --to-source OUT_IP
# Packets already sourced from OUT_IP leave without further translation.
-A POSTROUTING -s OUT_IP -j ACCEPT
# Intended to SNAT LAN GRE traffic to 192.168.1.63, but unreachable (see the
# shadowing note above); it would have to sit before the catch-all SNAT to apply.
-A POSTROUTING -s 192.168.0.0/255.255.252.0 -p gre -j SNAT --to-source 192.168.1.63
COMMIT
# Completed on Thu Sep 10 23:58:52 2009
# Generated by iptables-save v1.3.5 on Thu Sep 10 23:58:52 2009
# Filter table. All three built-in chains have policy ACCEPT, so anything not
# matched by a rule is still accepted. The rules below are all ACCEPT targets
# and therefore do not restrict any traffic as written.
# NOTE(review): for this ruleset to filter anything, INPUT and FORWARD need
# policy DROP plus explicit allow rules (loopback, established traffic,
# management access, GRE/PPTP from expected peers).
*filter
:INPUT ACCEPT [3247:365474]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [788:77051]
# Accepts GRE addressed to the gateway itself, from any source. Redundant while
# the INPUT policy is ACCEPT.
-A INPUT -p gre -j ACCEPT
# Return traffic for connections already tracked by conntrack.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Anything forwarded from the LAN (192.168.0.0-192.168.3.255) is allowed.
-A FORWARD -s 192.168.0.0/255.255.252.0 -j ACCEPT
# NOTE(review): allows new inbound connections to any LAN host from any source,
# not just replies. Under a DROP policy this rule alone would keep the LAN open
# to forwarded traffic; the RELATED,ESTABLISHED rule above already covers
# replies, so consider removing it or narrowing it with -i/-s/-p.
-A FORWARD -d 192.168.0.0/255.255.252.0 -j ACCEPT
COMMIT
# Completed on Thu Sep 10 23:58:52 2009