[pptp-server] IPCHAINS
Yan Seiner
yan at cardinalengineering.com
Wed May 17 14:26:00 CDT 2000
This should work. pub-in is your public interface (ppp0 probably, but
could be ethn...)

put the proper entries in /etc/services

    pptpctrl 1723/tcp # pptp

and /etc/protocols

    pptp 47 GRE # PPTP protocol

and in your firewall script:

    UNPRIV_PORTS="1024:65535"
    # adjust others to match

    # PPTP is kind of a bastardized service in that it requires
    # both a tcp connection and a protocol 47 connection.
    # for that reason, let's put it off by itself.
    echo -n "pptp..."
    ipchains -A pub-in -p tcp \
        --sport $UNPRIV_PORTS \
        -d $PUBLIC_IP pptpctrl \
        -j ACCEPT
    ipchains -A pub-in -p pptp \
        -d $PUBLIC_IP \
        -j ACCEPT
    ipchains -A pub-out -p tcp \
        --source $PUBLIC_IP pptpctrl \
        --dport $UNPRIV_PORTS \
        -j ACCEPT
    ipchains -A pub-out -p pptp \
        --source $PUBLIC_IP \
        -j ACCEPT
    echo ""

chris wrote:
>
> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
> Server On the firewall...
>
> The setup is that the firewall with internal IP 192.168.0.151 and external
> 24.x.x.x
> And the PoPTop server is the firewall...
>
> Thanks,
> Chris
>
--
Think different
ride a recumbent
use Linux.
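
Added example, not part of the original post: the rules above refer to the port and protocol by the names pptpctrl and pptp, so they depend on the /etc/services and /etc/protocols entries being in place. This check confirms both names resolve to 1723/tcp and protocol 47 before the firewall script is loaded; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# lookup NAME FILE [PROTO]: print the number bound to NAME (or one of its
# aliases) in an /etc/services- or /etc/protocols-style file.
lookup() {
    awk -v n="$1" -v p="$3" '
        { sub(/#.*/, "") }                  # drop trailing comments
        NF < 2 { next }                     # skip blank or malformed lines
        {
            split($2, f, "/")               # "1723/tcp" -> f[1]=1723, f[2]=tcp
            if (p != "" && f[2] != p) next  # wrong transport for a service
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == n) { print f[1]; found = 1; exit }
        }
        END { exit !found }' "$2"
}

# pptp_preflight SERVICES PROTOCOLS: succeed only if both names used by the
# firewall rules resolve to the values the post gives (1723/tcp and 47).
pptp_preflight() {
    rc=0
    port=$(lookup pptpctrl "$1" tcp) || port=missing
    num=$(lookup pptp "$2") || num=missing
    [ "$port" = 1723 ] || { echo "pptpctrl/tcp: want 1723, got $port" >&2; rc=1; }
    [ "$num" = 47 ] || { echo "pptp: want protocol 47, got $num" >&2; rc=1; }
    return $rc
}

# Constructed sample files; on a real host pass /etc/services /etc/protocols.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf '%s\n' '# constructed' 'pptpctrl 1723/tcp # pptp' > "$DEMO/services"
printf '%s\n' 'pptp 47 GRE # PPTP protocol' > "$DEMO/protocols"
# Constructed file that has protocol 47 but not under the name "pptp".
printf '%s\n' 'gre 47 GRE # no pptp name' > "$DEMO/protocols.gre"

pptp_preflight "$DEMO/services" "$DEMO/protocols" && echo "names resolve"
pptp_preflight "$DEMO/services" "$DEMO/protocols.gre" \
    || echo "protocols.gre: add the pptp entry before loading the rules"
```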