[pptp-server] ping only

Jim McCormack jimmc at irobot.com
Mon Nov 13 13:05:53 CST 2000


Hello All:

I have set up the poptop server on the machine I use as a firewall.
I am able to connect and login using Microsoft VPN on a Win2k machine.
Furthermore I can ping all the hosts on the remote LAN and the poptop
server itself.

I cannot telnet, web browse or anything else to those machines.

I am confident that routing is OK since I am able to ping all the
machines.  I have set rules in my ipchains firewall script to explicitly
allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
see any packets denied in my logs.  I can see many packets accepted.

Things that might be worthy of noting:

1)  I am assigning IP addresses of 192.168.60.128-254 to the VPN
connections while my local interface is 192.168.76.x
2) I believe the relevant part of my ipchains firewall is as follows:

#!/bin/sh
#
#
echo -n "    Shutting down networking & clearing IP chains..."
# Shut down all traffic
/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -P input DENY
/sbin/ipchains -P output REJECT

# Delete any existing chains
/sbin/ipchains -F forward
/sbin/ipchains -F input
/sbin/ipchains -F output
echo -en 'done\r\f'
ANYWHERE="any/0"
EXTERNAL_IF="eth0"
PPTP_IF="ppp0"
LOOP_IF="lo"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
MULTICAST="240.0.0.0/3"
BROADCAST_0="0.0.0.0"
BROADCAST_1="255.255.255.255"
echo -n "    Creating IP firewall chains..."
## [Deny Packets]
# Turn on kernel IP spoof protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

echo "Accept ppp0 any/0"
/sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
/sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
echo "ppp0 done"

I saw a similar problem posted in July, however the poster posted a
reply to his own problem saying that it was now working...

Cheers,

Jim McCormack



