VPN PPTP connection cannot pass through Linux iptables

1

I set up a Windows VPN server behind a Linux (Ubuntu) box that works as a firewall and proxy server. Now I want people from outside to be able to connect to the VPN server, but the connection is not being established and I get error 619 on the client. I looked up the problem on the internet and it seems to be a firewall problem.

What should I do to establish the connection through the firewall?

Below is the information about my setup:

Firewall-External-IF-IP: 172.16.1.100

Firewall-LAN-IF-IP: 192.168.1.1

VPN-Server-IP: 192.168.1.10

And below is the content of my iptables file:

    #Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *filter
    :INPUT ACCEPT [162000:140437619]
    :FORWARD ACCEPT [23282:27196133]
    :OUTPUT ACCEPT [185778:143961739]
    :LOGGING - [0:0]
    -A INPUT -p gre -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p tcp -m tcp --sport 1723 -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p udp -m udp --sport 1723 -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -o EXT_IF -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -i EXT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p tcp -m tcp --sport 1723 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p gre -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p udp -m udp --dport 1723 -j ACCEPT
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *nat
    :PREROUTING ACCEPT [17865:1053739]
    :INPUT ACCEPT [5490:357281]
    :OUTPUT ACCEPT [3723:223677]
    :POSTROUTING ACCEPT [3726:223870]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -i -h
    -A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *mangle
    :PREROUTING ACCEPT [22695965:17811993005]
    :INPUT ACCEPT [13818180:11522330171]
    :PREROUTING ACCEPT [17865:1053739]
    :INPUT ACCEPT [5490:357281]
    :OUTPUT ACCEPT [3723:223677]
    :POSTROUTING ACCEPT [3726:223870]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -i -h
    -A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *mangle
    :PREROUTING ACCEPT [22695965:17811993005]
    :INPUT ACCEPT [13818180:11522330171]
    :FORWARD ACCEPT [8527694:6271564562]
    :OUTPUT ACCEPT [14748508:11899678536]
    :POSTROUTING ACCEPT [23271280:18170828012]
    COMMIT
    # Completed on Thu May 29 12:40:18 2014

I hope to find the solution here .... !! :(

    
by user221844 30.05.2014 / 22:18

0 answers
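An added example, not part of the original post: a small Python check over an iptables-save style dump, run on an excerpt abridged from the dump in the question. It flags malformed or inconsistent entries of the kinds visible there: an option with no value (`-i -h`), NAT-only targets under `*mangle`, and repeated table or chain declarations. The function name `lint_ruleset` and the option and target sets are this example's own assumptions and cover only what appears in that dump.

```python
import shlex
NAT_ONLY = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}   # targets valid only in *nat
NEEDS_VALUE = {"-i", "-o", "-s", "-d", "-p", "-j", "-m", "--dport", "--sport",
               "--state", "--to-destination", "--to-ports"}

# Abridged from the dump in the question (counters zeroed, most rules omitted).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i -h
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
"""

def lint_ruleset(text):
    """Return (line_number, problem) pairs for an iptables-save style dump."""
    problems, seen_tables, table, chains = [], set(), None, set()
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):                      # table header
            table, chains = line[1:], set()
            if table in seen_tables:
                problems.append((no, f"table {table} declared twice"))
            seen_tables.add(table)
        elif line.startswith(":"):                    # chain policy line
            chain = line[1:].split()[0]
            if chain in chains:
                problems.append((no, f"chain {chain} declared twice in {table}"))
            chains.add(chain)
        elif line.startswith("-A"):                   # rule
            tok = shlex.split(line)
            for i, t in enumerate(tok):
                if t in NEEDS_VALUE and (i + 1 == len(tok) or tok[i + 1].startswith("-")):
                    problems.append((no, f"option {t} has no value"))
                if t == "-j" and i + 1 < len(tok) and tok[i + 1] in NAT_ONLY and table != "nat":
                    problems.append((no, f"target {tok[i + 1]} is not valid in table {table}"))
    return problems

if __name__ == "__main__":
    for no, problem in lint_ruleset(SAMPLE):
        print(f"line {no}: {problem}")
```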