[pptp-server] ipchains on client firewall

Geoff Nordli geoff at gnaa.net
Tue Jan 11 15:14:45 CST 2000


It doesn't look like you have any output rules.

So unless your default policy for output is allow, that
part won't work.

You also need the vpn masq patch if the firewall is
in between the client and the pptp server.

Look at the pptp home page, and you will find reference
to it.

geoff

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Edward Scott
'Woody' Wood
Sent: Tuesday, January 11, 2000 1:07 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] ipchains on client firewall


Good day folks.
  Newbie here, doin' his best and hitting the wall.  I have read the 
howtos and faqs and am still having troubles at the client end.  The
Server end is quite happy though. I have an NT client behind a Redhat 6.1
firewall trying to connect to a PoPToP server.  I'm sure I have the wrong
IPchains rules on that firewall.  Here they are.

ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
ipchains -A input -p tcp -d <external IP> 1723 -j ACCEPT
ipchains -A input -p tcp -d <external IP> -j ACCEPT
ipchains -A forward -p tcp -d <external IP> 1723 -j ACCEPT
ipchains -A forward -p tcp -s <external IP> 1723 -j ACCEPT
ipchains -A forward -p 47 -d <external IP> -j ACCEPT
ipchains -A forward -P 47 -s <external IP> -j ACCEPT

It's just a home system so all I want from the wall is to allow all
outgoing traffic and for the PPTP traffic to work!  Any tips, flames, kind
words from the masses?
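
Added example, not part of the original messages: a small checker for the point made in the reply, reporting per chain whether the PPTP control channel (tcp/1723) and the GRE data channel (protocol 47) are passed by a rule, by MASQ (the case the reply says needs the vpn masq patch), by the chain policy, or not at all. The names parse and pptp_report are hypothetical, the sample rules are constructed, and the matching is a simplification that ignores addresses.

```python
import shlex
CHAINS = ("input", "forward", "output")
# PPTP needs both flows: the TCP control channel and the GRE data channel.
FLOWS = {"tcp/1723": (("tcp", "6"), "1723"), "gre/47": (("47", "gre"), None)}

# Constructed sample modelled on the posted rules (placeholder address, DENY output policy added).
SAMPLE = """\
ipchains -P forward DENY
ipchains -P output DENY
ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
ipchains -A input -p tcp -d 203.0.113.10 1723 -j ACCEPT
ipchains -A forward -p 47 -d 203.0.113.10 -j ACCEPT
""".splitlines()

def parse(lines):
    """Collect chain policies and appended rules from ipchains command lines."""
    policy = {c: "ACCEPT" for c in CHAINS}  # built-in chains start as ACCEPT
    rules = {c: [] for c in CHAINS}
    for line in lines:
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] != "ipchains" or tok[2] not in CHAINS:
            continue
        if tok[1] == "-P":
            policy[tok[2]] = tok[3]
        elif tok[1] == "-A":
            rule = {"proto": None, "ports": set(), "target": None}
            for i, arg in enumerate(tok):
                nxt = tok[i + 1:i + 3]
                if arg == "-p" and nxt:
                    rule["proto"] = nxt[0].lower()
                elif arg == "-j" and nxt:
                    rule["target"] = nxt[0]
                elif arg in ("-s", "-d") and len(nxt) == 2 and nxt[1][0] != "-":
                    rule["ports"].add(nxt[1])  # optional port after the address
            rules[tok[2]].append(rule)
    return policy, rules

def pptp_report(lines):
    """Map (chain, flow) to 'rule', 'masq', 'policy' or 'blocked'."""
    policy, rules = parse(lines)
    report = {}
    for chain in CHAINS:
        for flow, (protos, port) in FLOWS.items():
            status = "policy" if policy[chain] in ("ACCEPT", "MASQ") else "blocked"
            for r in rules[chain]:  # first match wins; addresses are ignored
                if r["proto"] in (None, *protos) and (not r["ports"] or port in r["ports"]):
                    status = {"ACCEPT": "rule", "MASQ": "masq"}.get(r["target"], "blocked")
                    break
            report[(chain, flow)] = status
    return report
```

With the constructed sample, both output entries come back 'blocked' because no output rule exists and the output policy is DENY; dropping that policy line turns them into 'policy'.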

