[pptp-server] (no subject)

gerhard.possler at westernacher.de gerhard.possler at westernacher.de
Tue Aug 22 09:42:31 CDT 2000 

Hi all,

(hope i read carefully John Harding's howto....) but i have an Problem with
my Firewall Box.
Here the config:

          <---MASQ
PC with win2k -----eth0 Linux Firewall eth1---- PPTP-Server (Linux)
192.168.0.2    192.168.0.1 | 192.168.251.20   192.168.251.5

Routing ist correct set then after:
echo 1 > /proc/sys/net/ipv4/ip_forward

I can ping, telnet and pptp to PPTP-Server from PC with win2k.

Masquerading is also correct then when I start an FTP-Server on the
win2k PC and made an ftp to 192.168.0.2 the source of the ftp request is
the Linux-Firewall (192.168.0.1).

Your patch is successfull applied (no errors), kernel is 2.2.14-SUSE.

I start an script called fwon (to activate ipchains, etc):

#!/bin/bash
#
# (c) Gerhard Possler 2000
#
EXTIP="192.168.0.1"             # externe ip adresse offiziell
INTIP="192.168.251.20"          # interne ip adresse privat
INTNET="192.168.251.0/24"       # internes netz privat
PPTPSERVER="192.168.251.5"      # pptp-server privat
# PPTPCLIENT="0.0.0.0"   # pptp-client offiziell falls bekannt

# forwarding and masq
echo 1 > /proc/sys/net/ipv4/ip_forward

# clear ipmasqadm portfw and ipchains
/usr/sbin/ipmasqadm portfw -f
/sbin/ipchains -F

# define new portfw
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 1723 -R $PPTPSERVER 1723
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 10000 -R $PPTPSERVER 10000

# masq und modules
/sbin/ipchains -M -S 7200 10 160
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_pptp.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_ipsec.o
# /sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_generic.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_autofw.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_mfw.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_portfw.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_cuseeme.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_ftp.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_irc.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_user.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_quake.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_raudio.o
/sbin/insmod /lib/modules/2.2.14/ipv4/ip_masq_vdolive.o

/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY

# Filter rules
/sbin/ipchains -A input -j ACCEPT
# /sbin/ipchains -A output -d $INTNET -j ACCEPT
# /sbin/ipchains -A output -s $INTNET -d 0.0.0.0/0 -j MASQ
/sbin/ipchains -A forward -d $INTNET -j DENY -l
/sbin/ipchains -A forward -s $INTNET -d 0.0.0.0/0 -j MASQ -l

# forward von GRE
/usr/sbin/ipfwd --debug --syslog --masq $PPTPSERVER 47 &

# end

after starting this script the Linux-Firewall seems to work 1-2 minutes
then "hangup". Nothing to see, nothing moves.
No entries in /var/log/messages...

Have you any ideea ? Can you help me ?

With kind regards


------------------------------------------------------------------------
Gerhard Possler

"Wer neue Wege geht, braucht starke Partner."

Westernacher AG
Am Hubengut 3
76149 Karlsruhe, Germany
phone: +49-721/9772-0
fax:        +49-721/9772-188
http://www.westernacher.de

More information about the pptp-server mailing list