[pptp-server] hmm have I missed a step?

Geoff Nordli geoff at gnaa.net
Mon Jan 3 19:21:26 CST 2000


This might be what you are missing

INTNET=whatever is your internal network.
External_IF is the external interface
External_IP is the external ip address

## VPN Client MASQ
ipchains -A forward -j MASQ -p tcp -s $INTNET -d 0.0.0.0/0 1723
ipchains -A forward -j MASQ -p 47

You need to masq the packets on the way out.

Here are some more rules that might help:

### Need to add some additional stuff to allow outbound
### 1723 packets to external networks this is for internal clients
### needing access to the external world
ipchains -A input -j ACCEPT -p tcp -d 0.0.0.0/0 1723 -i $INTERNAL_IF
ipchains -A input -j ACCEPT -p tcp -s 0.0.0.0/0 1723 -d $EXTERNAL_IP -i $EXTERNAL_IF ! -y
ipchains -A output -j ACCEPT -p tcp -s 0.0.0.0/0 1723 -d $INTNET -i $INTERNAL_IF ! -y
ipchains -A output -j ACCEPT -p tcp -s $INTNET -d 0.0.0.0/0 -i $EXTERNAL_IF


geoff nordli


-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Terrelle Shaw
Sent: Monday, January 03, 2000 4:09 PM
To: pptpd
Subject: [pptp-server] hmm have I missed a step?


Hello all..
I think I missed something with the client -> firewall -> pptp-server setup.

First of all, I had initially set up the pptp-server with a real IP
(routable to the internet) to test if my setup was correct. I was able to
connect to the pptp-server from my Win NT machine via vpn.. GREAT!.

Now I moved the pptp-server behind my firewall and gave it an internal
address ( 10.0.x.x)
I compiled into the firewall kernel the vpn-masq patch (2.2.13) and
installed that. Everything a go.. pptpd is running on the vpn server, so is
ppp and other related modules.
Among the other ipchain rules I have on my firewall, I added these at the
beginning of my firewall startup script:

ipchains -I forward -p tcp -d 10.0.0.127 1723 -j ACCEPT
ipchains -A forward -p tcp -s 10.0.0.127 1723 -j ACCEPT
ipchains -A forward -p 47 -d 10.0.0.127 -j ACCEPT
ipchains -A forward -p 47 -s 10.0.0.127 -j ACCEPT

Now, looking on the firewall /var/log/messages I see the connection from the
NT machine, but it's not forwarding it to the pptpd machine. Did I miss
something in the setup? Forget a rule or some software?

Thanks..


Terrelle Shaw
HealthCentralRx.com
System Administrator
hshaw at healthcentralrx.com

