[pptp-server] PPTP
Shirish Bhagwat
shirish at dishatech.com
Thu Apr 19 23:56:37 CDT 2001
Internal interface IP address is 192.168.1.x
External interface is 10.1.1.10
The external interface talks to TE4 modem (DSL router).
All other ports like Telnet, SMTP, IRC, etc. are going through this same
firewall much the same way and they all seem to be working alright.
If you want I can send you my firewall script.
Thanks
Shirish Bhagwat
George Vieira wrote:
> 10.1.1.10 looks like the internal IP address of your PPTP server. This
> will not work and requires the External IP of the machine.
>
> Does this machine HAVE an external IP or is it using NAT provided by the
> router?
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Shirish Bhagwat [mailto:shirish at dishatech.com]
> Sent: Thursday, April 19, 2001 5:26 PM
> To: George Vieira
> Cc: karan_ingale at hotmail.com; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTP
>
> $LOCALHOST contains ip address of the external interface.
>
> Line numbers obtained for 1723 port which is PPTP port are given below.
>
> Thanks
> Shirish
> root at dishatech.com wrote:
>
> > 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> > 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> > 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> > 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> > 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> > 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> > 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
> > 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
>
> George Vieira wrote:
>
> > Is your $LOCALHOST containing 127.0.0.1? This won't work and should contain
> > your external IP address.
> >
> > Can you give me/us a listing of your
> >
> > ipchains -L -n -v --linenumbers
> >
> > thanks,
> > George Vieira
> >
> > -----Original Message-----
> > From: Karan Ingale [mailto:karan_ingale at yahoo.com]
> > Sent: Thursday, April 19, 2001 4:09 PM
> > To: pptp-server at lists.schulte.org
> > Cc: shirish at dishatech.com
> > Subject: [pptp-server] PPTP
> >
> > Hello,
> > I am running Redhat Linux 6.2 on a Pentium machine. I
> > have applied the Kernel patch for PPTP. I am using
> > IPChains to filter out specific outgoing and incoming
> > traffic.
> > I use a Windows 2000 machine from the internal
> > network, to make a VPN session with a server on the
> > internet. If I don't apply any rules for ipchains (All
> > Accept), I am able to make the connection. But as soon
> > as I apply the following rules, I am not able to make
> > a VPN connection with the VPN server on the internet.
> >
> > This is the policy I used to deny all ports
> >
> > ipchains --policy input DENY
> > ipchains --policy output DENY
> > ipchains --policy forward DENY
> >
> > This is the policy for PPTP
> >
> > ipchains --append input \
> > --jump ACCEPT \
> > --interface $EXTERNAL_INTERFACE \
> > --source $EXTERNAL_NETWORK $PPTP \
> > --destination $LOCALHOST $UNPRIVPORTS \
> > --protocol tcp
> > # --protocol tcp ! -y #SYN BIT Check
> >
> > ipchains --append output \
> > --jump ACCEPT \
> > --interface $EXTERNAL_INTERFACE \
> > --source $LOCALHOST $UNPRIVPORTS \
> > --destination $EXTERNAL_NETWORK $PPTP \
> > --protocol tcp
> >
> > ipchains --append input \
> > --jump ACCEPT \
> > --interface $EXTERNAL_INTERFACE \
> > --source $EXTERNAL_NETWORK $PPTP \
> > --destination $LOCALHOST $UNPRIVPORTS \
> > --protocol udp
> >
> > ipchains --append output \
> > --jump ACCEPT \
> > --interface $EXTERNAL_INTERFACE \
> > --source $LOCALHOST $UNPRIVPORTS \
> > --destination $EXTERNAL_NETWORK $PPTP \
> > --protocol udp
> >
> > I have similar policies for other ports. They work
> > just fine.
> > Can anybody solve my problem?
> >
> > Thanks.
> >
> > Karan.
> >
> > Systems Engineer.
> > Disha Technologies.
> >
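An added example, not part of the original thread: PPTP runs its control connection over TCP port 1723 and carries the tunnelled data in GRE (IP protocol 47), so a rule listing like the one quoted above can be checked for both. The function names, the representative client port and the handling of the ports column are assumptions of this example, and rule order and chain membership are ignored.

```python
PPTP_PORT = 1723      # PPTP control connection (TCP)
CLIENT_PORT = 40000   # assumed representative unprivileged client port
GRE = {"47", "gre"}   # PPTP tunnels PPP frames in GRE, IP protocol 47

# Constructed sample: four of the rule lines quoted in the thread.
LISTING = """\
0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
"""

def covers(spec, port):
    """True if a port spec ('1723', '1024:65535' or '*') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    try:
        return int(lo) <= port <= int(hi or lo)
    except ValueError:
        return False

def parse_rules(listing):
    """Yield (target, proto, src_ports, dst_ports) for each rule line."""
    for line in listing.splitlines():
        f = line.lstrip("> ").split()      # tolerate mail quote prefixes
        if len(f) < 10 or not f[0].isdigit():
            continue                       # chain headers, titles, blanks
        p = f[10:]
        src, dst = (p[0], p[2]) if len(p) == 3 and p[1] == "->" else (None, None)
        yield f[2], f[3].lower(), src, dst

def missing_pptp_flows(listing):
    """Return the PPTP flows that no ACCEPT rule in the listing permits."""
    need = {"tcp client -> 1723": (CLIENT_PORT, PPTP_PORT),
            "tcp 1723 -> client": (PPTP_PORT, CLIENT_PORT)}
    missing = set(need) | {"gre (protocol 47)"}
    for target, proto, src, dst in parse_rules(listing):
        if target != "ACCEPT":
            continue
        if proto in GRE:
            missing.discard("gre (protocol 47)")
        elif proto == "tcp" and src and dst:
            for name, (sport, dport) in need.items():
                if covers(src, sport) and covers(dst, dport):
                    missing.discard(name)
    return sorted(missing)

if __name__ == "__main__":
    print(missing_pptp_flows(LISTING))
```

The UDP rules in the listing do not count toward either flow, since PPTP does not use UDP port 1723.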