[pptp-server] Re: [pptp-server] pptp with ipchains
tmk at netmagic.net
Sat Jun 26 22:54:18 CDT 1999
Just restrict the client's IP, or IP range (aka remote IP) if you have it
set up that way.
If your remote IPs are 192.168.0.10-40,
use ipchains to prevent 192.168.0.10-40 from going where you don't want.
ipchains is pretty much just like ipfwadm.
ipchains -A input -p tcp -s 192.168.0.10/27 <port?> -d <dest ip>/32 <port> -j DENY
-A input = add rule to input chain.. might want to use -A output or -A
-p tcp = protocol tcp (allows ports to be filtered)
-s <ip>/<subnet> <port> = source ip /subnet mask <port optional>
-d .. = same as -s
-j DENY = don't let em through
----- Original Message -----
From: Geoff Nordli <geoff at gnaa.net>
To: Pptp Listserver (E-mail) <pptp-server at lists.schulte.org>
Sent: Saturday, June 26, 1999 7:47 PM
Subject: [pptp-server] pptp with ipchains
> Does anyone have an ipchains script that will work with PPTP?
> I would like to set it up so they can only be restricted to one machine
> couple of ports--after they get authenticated.
> So inbound on external interface from PPTP client to TCP port 1723
> Outbound 1024> on external interface to PPTP client
> once they get connected.
> Outbound on internal interface to internal server 172.16.10.9 TCP port
> Inbound on internal interface from internal server 172.16.10.9 TCP port
> It would save me a lot of time.
> I think ipfwadm was a lot easier to work with.
> Geoff Nordli MCT, MCSE, Master CNE, MCP
> G Nordli and Associates
> 749 Robson Dr.
> Kamloops BC, V2E 2G7
> 250-314-7354 (phone)
> e-mail to pager 2503147354 at pcs.cantelatt.com
> e-mail: geoff at gnaa.net
> pptp-server maillist - pptp-server at lists.schulte.org
> List services provided by www.schulte.org!
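The range 192.168.0.10-40 used in the reply does not fit a single address/mask pair: 192.168.0.10/27 matches 192.168.0.0-31. The following added example (not part of either message) splits a range into exact CIDR blocks and prints, without running them, ipchains rules built from the -A input, -p, -s, -d and -j options explained in the reply. The function names, the allow-then-DENY policy and destination port 80 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints ipchains rules for a client range; it never runs ipchains.

# Dotted quad -> integer. Subshell bodies "( )" keep IFS and variables local.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )

# Integer -> dotted quad.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Addresses really matched by ADDR/BITS, printed as "first-last".
cidr_span() (
  size=$(( 1 << (32 - ${1#*/}) ))
  base=$(ip2int "${1%/*}")
  first=$(( $base / $size * $size ))
  echo "$(int2ip "$first")-$(int2ip $(( $first + $size - 1 )))"
)

# CIDR blocks covering exactly FIRST..LAST, one per line.
range_to_cidrs() (
  lo=$(ip2int "$1"); hi=$(ip2int "$2")
  while [ "$lo" -le "$hi" ]; do
    bits=32; size=1
    # Double the block while it stays aligned and inside the range.
    while [ "$bits" -gt 0 ] && [ $(( $lo % ($size * 2) )) -eq 0 ] &&
          [ $(( $lo + $size * 2 - 1 )) -le "$hi" ]; do
      size=$(( $size * 2 )); bits=$(( $bits - 1 ))
    done
    echo "$(int2ip "$lo")/$bits"
    lo=$(( $lo + $size ))
  done
)

# emit_rules FIRST LAST DEST_IP DEST_PORT
# Assumed policy: clients may reach one TCP port on one host; all else is denied.
emit_rules() {
  for cidr in $(range_to_cidrs "$1" "$2"); do
    echo "ipchains -A input -p tcp -s $cidr -d $3/32 $4 -j ACCEPT"
  done
  for cidr in $(range_to_cidrs "$1" "$2"); do
    echo "ipchains -A input -s $cidr -j DENY"
  done
}

echo "192.168.0.10/27 matches $(cidr_span 192.168.0.10/27)"
# Port 80 is a constructed sample value; 172.16.10.9 is the server named in the question.
emit_rules 192.168.0.10 192.168.0.40 172.16.10.9 80
```

ipchains applies the first matching rule, so the ACCEPT lines have to be appended before the DENY lines, as printed.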