[pptp-server] IPCHAINS
Tom Eastep
teastep at evergo.net
Wed May 17 14:49:15 CDT 2000
Chris,
On Wed, 17 May 2000, chris wrote:
> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
> Server On the firewall...
>
> The setup is that the firewall with internal IP 192.168.0.151 and external
> 24.x.x.x
> And the PoPTop server is the firewall...
>
If you want to do this the "easy way", consider the firewall at
http://seawall.sourceforge.net; it allows you to easily configure your
firewall for running PoPToP on your firewall/gateway (I do so here).

Otherwise, I'll assume that your external interface is eth0 and that you
are assigning a subset of your internal network (192.168.0.0/24) as remote
addresses for pptp clients in /etc/pptp.conf:

ipchains -A input -i eth0 -p 47 -d 24.x.x.x -j ACCEPT
ipchains -A input -i eth0 -p tcp -d 24.x.x.x 1723 -j ACCEPT
ipchains -A input -i ppp+ -j ACCEPT

# You need the following if your output policy is DENY or REJECT and you
# don't have a blanket rule that allows all out traffic to eth0
ipchains -A output -i eth0 -p 47 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 1723 -j ACCEPT

# You need the following if your output policy is DENY or REJECT
ipchains -A output -i ppp+ -j ACCEPT

# The following must appear before your MASQ rules
ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

-Tom
--
Tom Eastep \ Eastep's First Principle of Computing:
ICQ #60745924 \ "Any sane computer will tell you how it
teastep at evergo.net \ works if you ask it the proper questions"
Shoreline, Washington USA \___________________________________________
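
Added example, not part of the message above or of any project it mentions: a shell function that checks the text of an ipchains script for the rules listed in the reply (protocol 47 and tcp port 1723 accepted on input, and the internal-network forward ACCEPT placed before the first MASQ rule). The function names, the exit-status convention and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the text of an ipchains script (stdin) for the PPTP
# rules in the message above. Parses text only; never runs ipchains.
# Usage: audit_pptp_rules INTERNAL_NET < rules.sh   (exit status = findings)
audit_pptp_rules() {
    awk -v net="$1" '
    /^[ \t]*#/ || $1 != "ipchains" || $2 != "-A" { next }   # rules only
    {
        n++; chain = $3; proto = src = dst = dport = target = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "-d") {
                dst = $(i + 1)
                # ipchains takes the port as a bare word after the address
                if ($(i + 2) ~ /^[0-9]+$/) dport = $(i + 2)
            }
            if ($i == "--dport") dport = $(i + 1)
        }
        if (chain == "input" && target == "ACCEPT") {
            if (proto == "47") gre = 1
            if (proto == "tcp" && dport == "1723") ctl = 1
        }
        if (chain == "forward" && target == "MASQ" && !masq) masq = n
        if (chain == "forward" && target == "ACCEPT" && src == net && dst == net && !fwd) fwd = n
    }
    END {
        if (!gre) { print "missing: input ACCEPT for protocol 47"; bad++ }
        if (!ctl) { print "missing: input ACCEPT for tcp port 1723"; bad++ }
        if (!fwd) { print "missing: forward ACCEPT " net " -> " net; bad++ }
        else if (masq && fwd > masq) { print "order: forward ACCEPT is after MASQ"; bad++ }
        exit bad + 0
    }'
}

# Constructed sample: no protocol 47 rule, and MASQ precedes the forward ACCEPT.
sample_rules() {
    cat <<'EOF'
ipchains -A input -i eth0 -p tcp -d 24.x.x.x 1723 -j ACCEPT
ipchains -A input -i ppp+ -j ACCEPT
ipchains -A forward -s 192.168.0.0/24 -j MASQ
ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
EOF
}

sample_rules | audit_pptp_rules 192.168.0.0/24 || echo "findings: $?"
```

The check only confirms that the rules are present and ordered as described; it does not evaluate the rest of the ruleset or the chain policies.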