[pptp-server] IPTables and GRE
Eirik Robertstad
ERobertstad at txc.com
Tue Apr 17 23:12:05 CDT 2001
Looks like I did have it correct then. I've added this for the input
rules and the output rules... yet I'm still getting the same errors. I
thought it was the firewall blocking it, but I've even tried to open the
firewall totally open. I've also looked in tcpdump for any data on the
GRE protocol, but nothing shows up. Only activity on the port 1723.
Windows just reports:
Error 629: You have been disconnected from the computer you dialed.
Double-click the connection to try again.
And pptpd just shows:
<snip>
Apr 17 23:02:25 transfire pptpd[23878]: MGR: Reaped child 24169
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: local address = 172.18.0.2
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: remote address = 172.18.0.52
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Client 198.138.97.250 control connection started
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Received PPTP Control Message (type: 1)
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Made a START CTRL CONN RPLY packet
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: I wrote 156 bytes to the client.
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Sent packet to client
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Received PPTP Control Message (type: 7)
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Set parameters to 0 maxbps, 16 window size
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Made a OUT CALL RPLY packet
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Starting call (launching pppd, opening GRE)
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: pty_fd = 4
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: tty_fd = 5
Apr 17 23:02:25 transfire pptpd[24170]: CTRL (PPPD Launcher): Connection speed = 115200
Apr 17 23:02:25 transfire pptpd[24170]: CTRL (PPPD Launcher): local address = 172.18.0.2
Apr 17 23:02:25 transfire pptpd[24170]: CTRL (PPPD Launcher): remote address = 172.18.0.52
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: I wrote 32 bytes to the client.
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Sent packet to client
Apr 17 23:02:25 transfire pptpd[24169]: GRE: read(fd=4,buffer=809c180,len=8196) from PTY failed: status = -1 error = Input/output error
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Client 198.138.97.250 control connection finished
Apr 17 23:02:25 transfire pptpd[24169]: CTRL: Exiting now
</snip>
I'm at a total loss, I can't get any more information out of pptpd of
what would be going on.
Thanks,
Eirik Robertstad
Matthew Drobnak wrote:
>
> Afaik, the only two rules you'll need are to allow incoming traffic using
> protocol number 47, as well as TCP port 1723. If you're restricting
> outbound traffic, add outgoing rules as well.
>
>
> iptables -A INPUT -j ACCEPT -i ethX --proto 47
> iptables -A INPUT -j ACCEPT -i ethX -p tcp --dport 1723
>
>
> Hope that helps. The -i ethX is optional -- it allows traffic only on that
> interface.
>
> -Matthew Drobnak
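An added example, not part of the original thread or any poster's code: because `iptables -A` appends, an ACCEPT for protocol 47 or TCP port 1723 can sit behind an earlier rule that has already decided the packet. This sketch walks a constructed `iptables-save` dump in first-match order; the ruleset, the interface name `eth0`, and the function names `sample_rules` and `first_verdict` are assumptions.

```shell
#!/bin/sh
# Added example: first-match audit of an iptables-save dump for PPTP traffic.
# Understands only -i, -p, "-m <proto>", --dport and -j; a rule using any
# other option is skipped (assumption: it is too specific to decide here).

# Constructed sample ruleset (not from the thread); eth0 is a placeholder.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j DROP
-A INPUT -i eth0 -p 47 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}

# first_verdict IFACE PROTO [DPORT]: print the target of the first INPUT rule
# matching such a packet, or POLICY:<policy> when no rule matches.
first_verdict() {
    awk -v ifc="$1" -v want="$2" -v port="$3" '
    function norm(p) { return p == "47" ? "gre" : (p == "6" ? "tcp" : p) }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        in_if = ""; proto = ""; dport = ""; target = ""; unknown = 0
        for (i = 3; i <= NF; i += 2) {       # options come as name/value pairs
            opt = $i; val = $(i + 1)
            if (opt == "-i") in_if = val
            else if (opt == "-p") proto = norm(val)
            else if (opt == "-m" && norm(val) == proto) continue
            else if (opt == "--dport") dport = val
            else if (opt == "-j") target = val
            else unknown = 1
        }
        if (unknown || (in_if != "" && in_if != ifc)) next
        if (proto != "" && proto != norm(want)) next
        if (dport != "" && dport != port) next
        print target; found = 1; exit
    }
    END { if (!found) print "POLICY:" policy }'
}

sample_rules | first_verdict eth0 gre        # the earlier DROP shadows the ACCEPT
sample_rules | first_verdict eth0 tcp 1723   # control channel is accepted
```

On a live host the same function can read `iptables-save -t filter` instead of the sample; a GRE verdict other than ACCEPT means the appended rule is never reached.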