[pptp-server] ping only

Jerry Vonau jvonau at home.com
Tue Nov 14 04:50:50 CST 2000


Hello Jim:

Do you have rules that allow traffic from the LAN and allow forwarding?
i.e.:
/sbin/ipchains -A input -i eth1  -s $intlan -d $intlan  -j ACCEPT
/sbin/ipchains -A output -i eth1  -s $intlan  -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i eth1  -s $intlan -d $intlan  -j ACCEPT
/sbin/ipchains -A forward -i ppp0  -s $intlan -d $intlan  -j ACCEPT

The forward statements must be before any MASQ statements.

Jerry Vonau
Ram Messenger/
Winnipeg Motor Express




Jim McCormack wrote:

> Hello All:
>
> I have set up the poptop server on the machine I use as a firewall.
> I am able to connect and login using Microsoft VPN on a Win2k machine.
> Furthermore I can ping all the hosts on the remote lan and the poptop
> server itself.
>
> I cannot telnet, web browse or anything else to those machines.
>
> I am confident that routing is OK since I am able to ping all the
> machines.  I have set rules in my ipchains firewall script to explicitly
> allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
> see any packets denied in my logs.  I can see many packets accepted.
>
> Things that might be worthy of noting:
>
> 1)  I am assigning ip addresses of 192.168.60.128-254 to the vpn
> connections while my local interface is 192.168.76.x
> 2) I believe the relevant part of my ipchains firewall is as follows:
>
> #!/bin/sh
> #
> #
> echo -n "    Shutting down networking & clearing IP chains..."
> # Shut down all traffic
> /sbin/ipchains -P forward ACCEPT
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output REJECT
>
> # Delete any existing chains
> /sbin/ipchains -F forward
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> echo -en 'done\r\f'
> ANYWHERE="any/0"
> EXTERNAL_IF="eth0"
> PPTP_IF="ppp0"
> LOOP_IF="lo"
> CLASS_A="10.0.0.0/8"
> CLASS_B="172.16.0.0/12"
> CLASS_C="192.168.0.0/16"
> MULTICAST="240.0.0.0/3"
> BROADCAST_0="0.0.0.0"
> BROADCAST_1="255.255.255.255"
> echo -n "    Creating IP firewall chains..."
> ## [Deny Packets]
> # Turn on kernel IP spoof protection
> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
>
> echo "Accept ppp0 any/0"
> /sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> /sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> echo "ppp0 done"
>
> I saw a similar problem posted in July, however the poster posted a
> reply to his own problem saying that it was now working...
>
> Cheers,
>
> Jim McCormack
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
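
One way to check the ordering described in the reply above (forward ACCEPT rules before any MASQ rule), as an added example that is not part of the original thread. The function name `check_forward_order` and both sample rulesets are constructed for illustration, and only rules appended with `-A` are considered.

```shell
#!/bin/sh
# Added example: lint an ipchains script for forward-chain rule order.
# ipchains walks a chain top to bottom and the first matching rule decides,
# so an ACCEPT appended after a MASQ rule never sees packets MASQ matched.

check_forward_order() {
    # Reads an ipchains script on stdin, prints one line per finding.
    # Returns 0 when every appended forward ACCEPT precedes the first MASQ.
    awk '
        /^[ \t]*#/        { next }      # skip comment lines
        $1 !~ /ipchains$/ { next }      # only ipchains invocations
        {
            chain = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-A") chain  = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (chain != "forward") next
            if (target == "MASQ" && !masq) masq = NR
            if (target == "ACCEPT" && masq) {
                printf "line %d: forward ACCEPT appended after MASQ on line %d\n", NR, masq
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: MASQ comes first, so the ppp0 rule is flagged.
bad_rules() {
    cat <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s $intlan -j MASQ
/sbin/ipchains -A forward -i ppp0 -s $intlan -d $intlan -j ACCEPT
EOF
}

# Constructed sample: the order given in the reply (ACCEPT rules, then MASQ).
good_rules() {
    cat <<'EOF'
/sbin/ipchains -A forward -i eth1 -s $intlan -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i ppp0 -s $intlan -d $intlan -j ACCEPT
/sbin/ipchains -A forward -s $intlan -j MASQ
EOF
}

bad_rules  | check_forward_order || echo "bad_rules: reorder needed"
good_rules | check_forward_order && echo "good_rules: order OK"
```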



