PPTP server behind NAT internet access problem

hello everyone
please help me configure PPTP server behind NAT, I can connect to it
but have no internet access

sorry for long post. I tried make it detailed

I have openwrt router ( which connects to internet trough PPPoE and gets real IP

when I configured PPTP server on it everything worked FINE.

now I uninstalled PPTP server from that router (
and configured it on NETBOOK with single lan port on it
running OpenWRT x64 (

here is how looks configuration of that single port

[/etc/config/pptpd] on NETBOOK (

config service 'pptpd'
        option 'enabled' '1'
        option 'localip' ''
        option 'remoteip' ''

config 'login'
        option 'username' mydevice'
        option 'password' 'devicepassword'

[/etc/firewall.user] on NETBOOK ( and router (

# Allow all traffic in and out of the ppp interface. No reason to specify nets.
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
# This rule will allow traffic towards internet
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT

added this to
[/etc/config/firewall] on NETBOOK ( and router (

config rule
        option target 'ACCEPT'
        option _name 'pptp'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1723'

config rule
        option target 'ACCEPT'
        option _name 'gre'
        option src 'wan'
        option proto '47'

also I installed on NETBOOK ( and router (

and created /etc/sysctl.d/20-nf-conntrack-helper.conf
with this content
net.netfilter.nf_conntrack_helper = 1



now I can connect to PPTP server

but only NETBOOK ( is accessible

I can not get to nor to internet


after that I even tried to add port forwarding rules to openwrt router (

It did not help too :frowning:


I am new to linux and routing
I suppose it maybe need some routing rules added

thank you

and sorry for long post :slight_smile:

Try to remove port forwards for GRE. Actually conntrack do this.