[pptp-server] Re: [pptp-server] pptp with ipchains

tmk tmk at netmagic.net
Sat Jun 26 22:54:18 CDT 1999

Just restrict the client's ip.. or ip range (aka remote IP) if you have it
set up that way..

if your remote ips are
use ipchains to prevent from going where you don't want

ipchains is pretty much just like ipfwadm..

ipchains -A input -p tcp -s <ip>/<subnet> <port> -d <dest ip>/32 <port> -j DENY

-A input = add rule to input chain.. might want to use -A output or -A
forward instead
-p tcp = protocol tcp (allows ports to be filtered)
-s <ip>/<subnet> <port> = source ip /subnet mask <port optional>
-d .. = same as -s
-j DENY = don't let em through


----- Original Message -----
From: Geoff Nordli <geoff at gnaa.net>
To: Pptp Listserver (E-mail) <pptp-server at lists.schulte.org>
Sent: Saturday, June 26, 1999 7:47 PM
Subject: [pptp-server] pptp with ipchains

> Does anyone have an ipchains script that will work with PPTP.
> I would like to set it up so they can only be restricted to one machine a
> couple of ports--after they get authenticated.
> So inbound on external interface from PPTP client to TCP port 1723
> Outbound 1024> on external interface to PPTP client
> once they get connected.
> Outbound on internal interface to internal server  TCP port
> Inbound  on internal interface from internal server TCP port 1024>
> It would save me a lot of time.
> I think ipfwadm was a lot easier to work with.
> Geoff Nordli MCT, MCSE, Master CNE, MCP
> G Nordli and Associates
> 749 Robson Dr.
> Kamloops BC, V2E 2G7
> 250-314-7354  (phone)
> e-mail to pager  2503147354 at pcs.cantelatt.com
> e-mail: geoff at gnaa.net
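The restriction described in the reply above, written out for the forward chain as an added example that is not part of the original thread: it prints the ipchains rules for review instead of running them. The function name, the client range 192.168.5.0/24, the server 10.0.0.5 and the ports are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not run) ipchains rules that limit a PPTP
# client address range to one internal server and a short list of TCP ports.
# The function name and every address and port used here are sample values.

# pptp_client_rules <client-net/mask> <server-ip> <port> [port...]
pptp_client_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: pptp_client_rules <client-net/mask> <server-ip> <port>..." >&2
        return 1
    fi
    net=$1; server=$2; shift 2

    # Refuse anything that is not a plain TCP port number before emitting rules.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    # ipchains stops at the first matching rule, so the ACCEPTs come first.
    for port in "$@"; do
        # Client (unprivileged source port) to the one allowed server port.
        echo "ipchains -A forward -p tcp -s $net 1024:65535 -d $server/32 $port -j ACCEPT"
        # Replies only: '! -y' excludes SYN packets, so the server cannot
        # open new connections towards the clients through this rule.
        echo "ipchains -A forward -p tcp ! -y -s $server/32 $port -d $net 1024:65535 -j ACCEPT"
    done

    # Everything else from or to the client range is denied and logged (-l).
    echo "ipchains -A forward -s $net -j DENY -l"
    echo "ipchains -A forward -d $net -j DENY -l"
}

# Constructed sample call: clients in 192.168.5.0/24, server 10.0.0.5, ports 25 and 110.
# pptp_client_rules 192.168.5.0/24 10.0.0.5 25 110
```

These rules only cover traffic routed through the PPTP server; the tunnel itself (TCP port 1723 plus GRE) is handled on the input and output chains and is not touched here.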