[pptp-server] IPCHAINS

Yan Seiner yan at cardinalengineering.com
Wed May 17 14:26:00 CDT 2000

This should work.  pub-in is your public interface (ppp0 probably, but
could be ethn...)

put the proper entries in /etc/services 

pptpctrl        1723/tcp                        # pptp

and /etc/protocols

pptp    47      GRE             # PPTP protocol

and in your firewall script:


# adjust others to match

# PPTP is kind of a bastardized service in that it requires
# both a tcp connection and a protocol 47 connection.
# for that reason, let's put it off by itself.

echo -n "pptp..."
ipchains -A pub-in -p tcp \
        --sport $UNPRIV_PORTS \
        -d $PUBLIC_IP pptpctrl \
        -j ACCEPT
ipchains -A pub-in -p pptp \
        -d $PUBLIC_IP \
        -j ACCEPT
ipchains -A pub-out -p tcp \
        --source $PUBLIC_IP pptpctrl \
        --dport $UNPRIV_PORTS \
        -j ACCEPT
ipchains -A pub-out -p pptp \
        --source $PUBLIC_IP \
        -j ACCEPT
echo ""

chris wrote:
> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
> Server On the firewall...
> The setup is that the firewall with internal IP and external
> 24.x.x.x
> And the PoPTop server is the firewall...
> Thanks,
> Chris
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!


Think different
	ride a recumbent
		use Linux.

More information about the pptp-server mailing list