[pptp-server] ping only

Jim McCormack jimmc at irobot.com
Tue Nov 14 08:16:32 CST 2000


Jerry:

That did it!  Thanks so much for your help.

Cheers,

Jim McCormack

Jerry Vonau wrote:

> Hello Jim:
>
> Do you have rules that allow traffic from the LAN and allow forwarding?
> i.e.:
> /sbin/ipchains -A input -i eth1  -s $intlan -d $intlan  -j ACCEPT
> /sbin/ipchains -A output -i eth1  -s $intlan  -d $intlan -j ACCEPT
> /sbin/ipchains -A forward -i eth1  -s $intlan -d $intlan  -j ACCEPT
> /sbin/ipchains -A forward -i ppp0  -s $intlan -d $intlan  -j ACCEPT
>
> The forward statements must be before any MASQ statements.
>
> Jerry Vonau
> Ram Messenger/
> Winnipeg Motor Express
>
> Jim McCormack wrote:
>
> > Hello All:
> >
> > I have set up the poptop server on the machine I use as a firewall.
> > I am able to connect and login using microsoft vpn on a Win2k machine.
> > Furthermore I can ping all the hosts on the remote lan and the poptop
> > server itself.
> >
> > I cannot telnet, web browse or anything else to those machines.
> >
> > I am confident that routing is OK since I am able to ping all the
> > machines.  I have set rules in my ipchains firewall script to explicitly
> > allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
> > see any packets denied in my logs.  I can see many packets accepted.
> >
> > Things that might be worthy of noting:
> >
> > 1)  I am assigning ip addresses of 192.168.60.128-254 to the vpn
> > connections while my local interface is 192.168.76.x
> > 2) I believe the relevant part of my ipchains firewall is as follows:
> >
> > #!/bin/sh
> > #
> > #
> > echo -n "    Shutting down networking & clearing IP chains..."
> > # Shut down all traffic
> > /sbin/ipchains -P forward ACCEPT
> > /sbin/ipchains -P input DENY
> > /sbin/ipchains -P output REJECT
> >
> > # Delete any existing chains
> > /sbin/ipchains -F forward
> > /sbin/ipchains -F input
> > /sbin/ipchains -F output
> > echo -en 'done\r\f'
> > ANYWHERE="any/0"
> > EXTERNAL_IF="eth0"
> > PPTP_IF="ppp0"
> > LOOP_IF="lo"
> > CLASS_A="10.0.0.0/8"
> > CLASS_B="172.16.0.0/12"
> > CLASS_C="192.168.0.0/16"
> > MULTICAST="240.0.0.0/3"
> > BROADCAST_0="0.0.0.0"
> > BROADCAST_1="255.255.255.255"
> > echo -n "    Creating IP firewall chains..."
> > ## [Deny Packets]
> > # Turn on kernel IP spoof protection
> > echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> >
> > echo "Accept ppp0 any/0"
> > /sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> > /sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> > echo "ppp0 done"
> >
> > I saw a similar problem posted in July, however the poster posted a
> > reply to his own problem saying that it was now working...
> >
> > Cheers,
> >
> > Jim McCormack
> >
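
The ordering requirement from Jerry's reply (forward ACCEPT rules before any MASQ rules), written as a lint over a rules script. This is an added example, not code from either poster; the function names, the MASQ rule and the /24 mask in the sample rulesets are constructed assumptions.

```shell
#!/bin/sh
# Added example: ipchains walks a chain top to bottom and the first matching
# rule decides, so a forward ACCEPT appended after a MASQ rule can be shadowed.

# check_forward_order: read a rules script on stdin.
# Prints every forward ACCEPT that is appended after a forward MASQ rule.
# Returns 0 when the ordering is fine, 1 when at least one ACCEPT is too late.
check_forward_order() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /ipchains/ && /-A[ \t]+forward/ {        # rules appended to forward only
        target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-j") { target = $(i + 1) }
        }
        if (target == "MASQ" && !masq_line) {
            masq_line = NR                   # remember the first MASQ rule
        } else if (target == "ACCEPT" && masq_line) {
            printf "line %d: forward ACCEPT after MASQ on line %d\n", NR, masq_line
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: a hypothetical MASQ rule placed before the ACCEPT rules.
sample_bad() {
    cat <<'EOF'
/sbin/ipchains -A forward -i eth0 -s 192.168.76.0/24 -j MASQ
/sbin/ipchains -A forward -i eth1 -s $intlan -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i ppp0 -s $intlan -d $intlan -j ACCEPT
EOF
}

# Constructed sample: same rules in the order the reply asks for.
sample_good() {
    cat <<'EOF'
/sbin/ipchains -A forward -i eth1 -s $intlan -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i ppp0 -s $intlan -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i eth0 -s 192.168.76.0/24 -j MASQ
EOF
}

# Demonstration: the misordered sample is reported, the reordered one is silent.
sample_bad | check_forward_order || echo "reorder: move forward ACCEPT rules above MASQ"
sample_good | check_forward_order && echo "forward chain order OK"
```

To check a real script, pipe it in: `check_forward_order < your-firewall-script`.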



