[pptp-server] Can't ping the local LAN

Scott M. Stone sstone at taos.com
Thu Mar 9 16:08:12 CST 2000


On Thu, 9 Mar 2000, Thomas Koschate wrote:

> On 2000-03-08 17:00:26, Scott M. Stone wrote:
> 
> >ok, assuming your local net is 192.168.81.0/24 and your remote side of the
> >pptp connection is being assigned 192.168.81.101, do:
> >
> >ipchains -P forward DENY
> >ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
> >ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
> >
> >see if that helps
> 
> Well, I don't know about Gary, but it certainly helped me with a similar 
> problem.  I disabled my firewalling, tried these commands, and everything 
> was wonderful.  Now the trick is to get the darned thing working _with_ the 
> firewalling.

Well, my ipchains commands above will keep your general policy of denying
forwarding, but allow forwarding between the remote pptp client and the
rest of your local subnet, which is what you want.  Try my lines instead
of the ones below...?

> 
> I put in the following script:
> ---------------------------------
> #!/bin/sh
> # /etc/ppp/ip-up.local
> case $2
>   in
>   /dev/pts/*)
>     echo "$(date): ip-up   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> /var/log/pptpd.log
>     /sbin/ipchains --insert forward -j ACCEPT -s $5 -i eth1
>     /sbin/ipchains --insert forward -j ACCEPT -d $5 -i $1 
>     echo "$(date): ip-up  Firewall rules set for $1:$5" >> /var/log/pptpd.log
>                 ;;
> esac
> ---------------------------------
> 
> And a corresponding ip-down.local, re-enabled my firewalling, and got zippo 
> again.  Where to go from here?
> =============================================================
> Thomas Koschate
> koschate at bigfoot.com
> 
> For PGP Key, see
> http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
> =============================================================
> "Lawyers, I suppose, were children once."
> 
>      Charles Lamb
> 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 
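
As an added example, not part of the original message: a dry-run shell function that prints the two forward rules from the reply above for whatever client address it is given (pppd passes the remote address to ip-up as $5, as in the quoted script), and the matching delete commands for ip-down. The function names and the LAN variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print the per-client forward rules
# for a PPTP session so they can be reviewed before being run as root.
# The default policy (ipchains -P forward DENY) is set once elsewhere.
LAN="192.168.81.0/24"   # local subnet used in the message above

# Succeeds only for a dotted-quad IPv4 address with each octet 0-255,
# so nothing unexpected from the hook's arguments reaches a rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pptp_forward_rules add|del <client-ip>
# Prints one ipchains command per direction; prints nothing and fails
# if the action or the address is not acceptable.
pptp_forward_rules() {
    case "$1" in
        add) op="-A" ;;   # append on ip-up
        del) op="-D" ;;   # delete the same rule spec on ip-down
        *)   return 2 ;;
    esac
    valid_ipv4 "$2" || return 1
    echo "ipchains $op forward -s $LAN -d $2 -j ACCEPT"
    echo "ipchains $op forward -s $2 -d $LAN -j ACCEPT"
}

# Constructed sample call using the client address from the message above.
pptp_forward_rules add 192.168.81.101
```

Because the function only prints, its output can be compared against `ipchains -L forward -n` before the commands are actually run from the ip-up and ip-down hooks.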




