[pptp-server] Newbie / PPTP on a firewall

Yan Seiner yan at cardinalengineering.com
Thu Jan 20 11:42:11 CST 2000


Yes - but it's not a simple setup.

If you only firewall the public interface, you need ipchains code
similar to:

echo -n "pptp..."
# Assumes UNPRIV_PORTS=1024:65535 and PUBLIC_IP are set earlier in the script.
# PPTP control connection: TCP port 1723 (the "pptp" entry in /etc/services),
# from a client's unprivileged port to the firewall's public address.
ipchains -A pub-in -p tcp \
        --sport $UNPRIV_PORTS \
        -d $PUBLIC_IP 1723 \
        -j ACCEPT
# PPTP data channel: GRE, IP protocol 47 ("gre" in /etc/protocols).
# There is no IP protocol named "pptp", so the tunnel must be matched as GRE.
ipchains -A pub-in -p 47 \
        -d $PUBLIC_IP \
        -j ACCEPT
# Replies from the control port back to the client's unprivileged port.
ipchains -A pub-out -p tcp \
        --source $PUBLIC_IP 1723 \
        --dport $UNPRIV_PORTS \
        -j ACCEPT
# Outbound GRE for the tunnel data.
ipchains -A pub-out -p 47 \
        --source $PUBLIC_IP \
        -j ACCEPT
echo ""

If you also firewall the internal interface, that gets a lot more
complicated, as you have to handle all the SMB protocol, broadcasts,
etc.

Remember that ppp0 is your "public" interface, and ppp1 and on are the
VPN interfaces.  You need to have different firewall rules for those.

I have pptpd running on my firewall for win95/winNT, and it has proven
stable under the vast majority of uses.  I still can't see/mount shares
on some of my internal servers, but that's due to the internal firewall
code, not pptpd.

--Yan

> "Koopmann, Jan-Peter" wrote:
> 
> Hi,
> 
> I am a complete PPTPD newbie and need some advice. Right now we have
> the following setup:
> 
> Internet   |                   Linux Firewall                          | internal network
> *.*.*.* ===== static public IP address --> ipchains and NAT --> private IP 172.16.40.254 ===== 172.16.40.* network
> 
> I want to be able to establish VPN tunnels with PPTP from Windows 2000
> clients. I thought about installing PPTPD on the Linux firewall. Will
> this work? Can Win2000 (and Win98) clients connect to the PPTPD on the
> Linux Firewall and "see" everything in the private 172.16.40.* network
> from that point on? If so, what will the configuration have to look
> like?
> 
> Any help would be greatly appreciated! Thanks in advance,
> 
> regards Jan-Peter
> 
> -----------
> Adam & Koopmann Computertechnik
> - Managing Director -
> Bismarckstr. 59
> 64293 Darmstadt
> Germany
> 
> Tel.: +49 (6151) 66843-42
> Fax: +49 (6151) 66843-52

-- 

Think different
	ride a recumbent
		use Linux.
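The rules above let two kinds of traffic reach the PPTP server: the control connection on TCP port 1723 and the tunnel data itself, which is GRE (IP protocol 47). A common mistake is to open only TCP/1723, after which the Windows client authenticates but no data ever flows. The following is an added example, not code from Yan's message or from pptpd: a small Python model of the pub-in / pub-out chains with ipchains' default DENY policy, run against the four packet kinds a PPTP session needs, once with and once without the GRE rules. PUBLIC_IP, CLIENT_IP and the sample packets are constructed for the example.

```python
"""Toy model of the pub-in / pub-out ipchains rules for PPTP (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TCP, GRE = 6, 47                 # IP protocol numbers; GRE (47) carries the PPTP data
PPTP_CTRL = 1723                 # PPTP control connection (TCP)
UNPRIV_PORTS = (1024, 65535)     # ipchains range syntax 1024:65535
PUBLIC_IP = "203.0.113.10"       # constructed firewall address (TEST-NET-3)
CLIENT_IP = "198.51.100.7"       # constructed Windows client address


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0   # 0 for protocols without ports (GRE)
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    """One ipchains rule: protocol plus optional address and port-range matches."""
    proto: int
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[Tuple[int, int]] = None
    dport: Optional[Tuple[int, int]] = None
    target: str = "ACCEPT"

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.src is not None and p.src != self.src:
            return False
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.sport is not None and not self.sport[0] <= p.sport <= self.sport[1]:
            return False
        if self.dport is not None and not self.dport[0] <= p.dport <= self.dport[1]:
            return False
        return True


def public_chains(public_ip: str, allow_gre: bool = True) -> Dict[str, List[Rule]]:
    """The pub-in / pub-out chains from the post, as rule objects.
    allow_gre=False reproduces the classic mistake of opening only TCP/1723."""
    ctrl = (PPTP_CTRL, PPTP_CTRL)
    pub_in = [Rule(TCP, dst=public_ip, sport=UNPRIV_PORTS, dport=ctrl)]
    pub_out = [Rule(TCP, src=public_ip, sport=ctrl, dport=UNPRIV_PORTS)]
    if allow_gre:
        pub_in.append(Rule(GRE, dst=public_ip))
        pub_out.append(Rule(GRE, src=public_ip))
    return {"pub-in": pub_in, "pub-out": pub_out}


def verdict(chain: List[Rule], p: Packet, policy: str = "DENY") -> str:
    """First matching rule wins; otherwise the chain's policy (DENY here)."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


def pptp_session(chains: Dict[str, List[Rule]], client: str, server: str) -> Dict[str, str]:
    """Verdicts for the four packet kinds a PPTP tunnel needs to work."""
    return {
        "ctrl-in":  verdict(chains["pub-in"],  Packet(TCP, client, server, 1039, PPTP_CTRL)),
        "ctrl-out": verdict(chains["pub-out"], Packet(TCP, server, client, PPTP_CTRL, 1039)),
        "gre-in":   verdict(chains["pub-in"],  Packet(GRE, client, server)),
        "gre-out":  verdict(chains["pub-out"], Packet(GRE, server, client)),
    }


if __name__ == "__main__":
    for allow_gre in (True, False):
        label = "with GRE rules" if allow_gre else "TCP/1723 only"
        print(label, pptp_session(public_chains(PUBLIC_IP, allow_gre), CLIENT_IP, PUBLIC_IP))
```

With the GRE rules in place all four verdicts are ACCEPT; with only TCP/1723 open the control connection still passes but both GRE directions fall through to DENY, which is exactly the "connects but nothing works" symptom. Anything else aimed at the public address, such as SMB on TCP/139, also ends in DENY because nothing in pub-in matches it.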