[pptp-server] ipchains

[Yan Seiner]

A snippet from my ipchains rules.  My pptp server is on my firewall; no
port forwarding.

# PPTP is kind of a bastardized service in that it requires
# both a tcp connection and a protocol 47 connection.
# for that reason, let's put it off by itself.

echo -n "pptp..."
ipchains -A pub-in -p tcp \
	--sport $UNPRIV_PORTS \
	-d $PUBLIC_IP pptp \
	-j ACCEPT
ipchains -A pub-in -p 47 \
	-d $PUBLIC_IP \
	-j ACCEPT
ipchains -A pub-out -p tcp \
	--source $PUBLIC_IP pptp \
	--dport $UNPRIV_PORTS \
	-j ACCEPT
ipchains -A pub-out -p 47 \
	--source $PUBLIC_IP \
	-j ACCEPT

--Yan

"john oel at H@" wrote:
> 
> hi again,
> 
> in the internel private network i set up the poptop
> server.  if i set up a win98 machine to dail into
> the poptop server inside of the private network,
> it connects fine.  so now i set up the firewall
> to ipchains forward port 1723 and portocal 47 .
> then i dial in with a isp.  the connections fail.
> i think i configured the firewall correctly,but...
> 
> so i tried to do a traceroute to the firewall from
> the isp using a patch that allows GRE packets.  i
> seems to die at the firewall.  so, tried the same
> from within the private network and it also dies
> at the public side of the firewall.  so, is it a
> clue that i didn't configure ipchains correctly.
> what is the proper commands to allow port 1723
> and protocal 47 to go in to and out of the firewall.
> 
> johnoel
> 
> --------------------------------
> Get your free email @hawaii.com
> http://www.hawaii.com/
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!