[pptp-server] pptp modifying the firewall

James Stevenson mistral at stevenson.zetnet.co.uk
Wed Jun 7 05:54:15 CDT 2000 

Hi

it is reject ICMP Ping packet for some reson

run something like this before and after the connect

ipchains -L > before
ipchains -L > after
diff before after

you will see anychanges show up

cya
	James

In local.pptp-list, you wrote:
>Good afternoon..
>
>I've picked up a number of hints from this list recently - thanks for
>the fixes, Landy! - but have hit problems with ipchains.
>
>PPTP is working, in that the NT client connects to my 2.2.15/2.3.11 box,
>negotiates MPPE, but then spews out: 
>
>Jun  7 14:38:11 scully pppd[3845]: MPPE 40 bit, stateless compression
>enabled
>Jun  7 14:38:11 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=31874 F=0x0000 T=32 (#8)
>Jun  7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
>Jun  7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
>Jun  7 14:38:13 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=32386 F=0x0000 T=32 (#8)
>Jun  7 14:38:14 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=33154 F=0x0000 T=32
>(#10)
>
>.. and so on. If I re-run my ipchains configuration script, these
>messages go away - evidently, pptp/ppp is modifying my firewall rules,
>and doing it incorrectly. Yes, I am running with two ethernet cards, and
>eth1 is the one it's connecting via, and yes there is an alias eth1:0,
>but this is not the one in my routing table:
>
>Target          Router  Genmask         Flags Metric Ref    Use Iface
>192.168.200.242 *       255.255.255.255 UH    0      0        0 ppp0
>localnet        *       255.255.255.0   U     0      0        0 eth1
>validipaddr     *       255.255.240.0   U     0      0        0 eth0
>default         scully  0.0.0.0         UG    0      0        0 eth0
>
>Any ideas? I hope I haven't missed something extremely obvious. If I
>find the solution and it doesn't seem documented, I'll follow up with
>it...
>
>Nick Farrell.
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulteconsulting.com!
>


-- 
---------------------------------------------
Check Out: http://www.users.zetnet.co.uk/james/
E-Mail: mistral at stevenson.zetnet.co.uk
 10:50am  up 2 days, 23:29,  3 users,  load average: 0.41, 0.50, 0.79

More information about the pptp-server mailing list