[pptp-server] Can't ping the local LAN
Thomas Koschate
koschate at bigfoot.com
Sun Mar 19 11:41:49 CST 2000
I finally got this sucker working. Ultimately, the problem turned out to
be my restrictive firewalling rules, since I'm DENYing or REJECTing
everything by default. For the benefit of others, here's what my
ip-up.local ended up as:
#!/bin/sh
# /etc/ppp/ip-up.local
# pppd arguments: $1 interface, $2 tty device, $5 remote (client) IP address
case $2
in
    /dev/pts/*)
        echo "$(date): ip-up 1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> /var/log/pptpd.log
        /sbin/ipchains --insert forward -j ACCEPT -s $5 -d 192.168.20.0/24
        /sbin/ipchains --insert forward -j ACCEPT -d $5 -s 192.168.20.0/24
        /sbin/ipchains --insert input -b -s $5 -d 192.168.10.0/24 -j ACCEPT
        /sbin/ipchains --insert output -b -s 192.168.10.0/24 -d $5 -j ACCEPT
        echo "$(date): ip-up Firewall rules set for $1:$5" >> /var/log/pptpd.log
        ;;
esac
And the complementary ip-down.local:
#!/bin/sh
# /etc/ppp/ip-down.local
# pppd arguments: $1 interface, $2 tty device, $5 remote (client) IP address
case $2
in
    /dev/pts/*)
        echo "$(date): ip-down 1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> /var/log/pptpd.log
        /sbin/ipchains --delete forward -j ACCEPT -s $5 -d 172.16.0.0/24
        /sbin/ipchains --delete forward -j ACCEPT -s 172.16.0.0/24 -d $5
        /sbin/ipchains --delete input -b -s $5 -d 172.16.0.0/24 -j ACCEPT
        /sbin/ipchains --delete output -b -s 172.16.0.0/24 -d $5 -j ACCEPT
        echo "$(date): ip-down Firewall rules removed for $1:$5" >> /var/log/pptpd.log
        ;;
esac
"Scott M. Stone" <sstone at taos.com> on 2000-03-09 17:07:08
To: Thomas Koschate <koschate at bigfoot.com>
cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Can't ping the local LAN
On Thu, 9 Mar 2000, Thomas Koschate wrote:
> On 2000-03-08 17:00:26, Scott M. Stone wrote:
>
> >ok, assuming your local net is 192.168.81.0/24 and your remote side of the
> >pptp connection is being assigned 192.168.81.101, do:
> >
> >ipchains -P forward DENY
> >ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
> >ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
> >
> >see if that helps
>
> Well, I don't know about Gary, but it certainly helped me with a similar
> problem. I disabled my firewalling, tried these commands, and everything
> was wonderful. Now the trick is to get the darned thing working _with_ the
> firewalling.
Well, my above ipchains commands will keep your general policy of denying
forwarding, but allow forwarding between the remote pptp client and the
rest of your local subnet, which is what you want. Try my lines instead
of the ones below....?
>
> I put in the following script:
> ---------------------------------
> #!/bin/sh
> # /etc/ppp/ip-up.local
> case $2
> in
>     /dev/pts/*)
>         echo "$(date): ip-up 1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> /var/log/pptpd.log
>         /sbin/ipchains --insert forward -j ACCEPT -s $5 -i eth1
>         /sbin/ipchains --insert forward -j ACCEPT -d $5 -i $1
>         echo "$(date): ip-up Firewall rules set for $1:$5" >> /var/log/pptpd.log
>         ;;
> esac
> ---------------------------------
>
> And a corresponding ip-down.local, re-enabled my firewalling, and got zippo
> again. Where to go from here?
> =============================================================
> Thomas Koschate
> koschate at bigfoot.com
>
> For PGP Key, see
> http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
> =============================================================
> "Lawyers, I suppose, were children once."
>
> Charles Lamb
>
--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company
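
An ip-up/ip-down pair like the one posted above only cleans up after itself if the two scripts stay mirror images, because ipchains --delete by specification removes a rule only when it matches the inserted one. As an added example (not part of the original post), the script below generates both command sets from a single rule table. The function names, the dry-run printing and the address check are assumptions; the subnets are the ones in the posted ip-up.local.

```shell
#!/bin/sh
# Added example: build the ip-up and ip-down ipchains commands from one rule
# table so that every --insert has an identical --delete.
# Subnets copied from the posted ip-up.local; adjust for your own networks.
FWD_NET="192.168.20.0/24"
LOCAL_NET="192.168.10.0/24"
IPCHAINS="/sbin/ipchains"

# Accept only a dotted-quad IPv4 address (hypothetical helper).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# pptp_rules ACTION TTY CLIENT_IP  (hypothetical helper)
# ACTION is insert or delete; TTY and CLIENT_IP are pppd's $2 and $5.
# Prints the commands instead of running them, so the output can be
# reviewed or piped to sh.
pptp_rules() {
    action=$1 tty=$2 ip=$3
    case "$action" in insert|delete) ;; *) return 2 ;; esac
    case "$tty" in /dev/pts/*) ;; *) return 0 ;; esac   # same tty filter as the posted scripts
    if ! valid_ipv4 "$ip"; then
        echo "pptp_rules: refusing address '$ip'" >&2
        return 1
    fi
    for spec in \
        "forward -s $ip -d $FWD_NET" \
        "forward -s $FWD_NET -d $ip" \
        "input -b -s $ip -d $LOCAL_NET" \
        "output -b -s $LOCAL_NET -d $ip"
    do
        echo "$IPCHAINS --$action $spec -j ACCEPT"
    done
}

# Constructed sample session: tty /dev/pts/3, client 192.168.20.101.
pptp_rules insert /dev/pts/3 192.168.20.101
pptp_rules delete /dev/pts/3 192.168.20.101
```

In ip-up.local the call would be `pptp_rules insert "$2" "$5" | sh`, and in ip-down.local the same line with `delete`.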