[pptp-server] Need help to run pptpd over ipchains firewall

Francisco Franco ffranco at interlog.com
Sun Nov 26 20:32:20 CST 2000


Hi Folks,

I need some help.  I have installed pptpd-1.0.0-1 on a PC running Linux
RedHat 6.2.  I am able to connect to the pptpd server from the internal
network without any problems.  However, when I try to connect from the
outside I get problems.

In order to allow pptpd over the firewall running ipchains, I have made
the following additions to the firewall.

++ ipchains -A output -i eth1 -j eth1-out
++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
++ ipchains -A input -i eth1 -j eth1-in
++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
++ ipchains -A eth1-in -p 47 -j ACCEPT
++ ipchains -A eth1-in -p TCP -j ACCEPT
++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

The 192.168.1.0/24 network is my internal network and it sits on eth0.
eth1 is my external network.  However, after I have applied the above
rules to the ipchains, I get the following messages in my messages log.

Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
connection started
Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
T=64 (#48)
Nov 26 21:09:14 hammer pptpd[983]: GRE: xmit failed from decaps_hdlc:
Operation not permitted
Nov 26 21:09:15 hammer pptpd[983]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Nov 26 21:09:15 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
connection finished
Nov 26 21:09:15 hammer pppd[984]: Modem hangup
Nov 26 21:09:15 hammer pppd[984]: Connection terminated.
Nov 26 21:09:15 hammer pppd[984]: Exit.

What have I forgotten to do?

Regards,

Francisco
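
As an added example (not part of the original post): a small Python parser for the kernel's ipchains "Packet log:" lines that reports which chain and rule number blocked PPTP traffic. The function names are hypothetical, the first two sample lines are the post's own log entries rejoined onto single lines, and the third is constructed.

```python
import re

# ipchains "-l" kernel log layout, as seen in the post:
# Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> ... (#<rule>)
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
GRE = 47            # IP protocol of the PPTP data channel
TCP = 6
PPTP_CTRL = 1723    # TCP port of the PPTP control channel
BLOCKING = {"DENY", "REJECT"}

def parse_packet_log(line):
    """Return the fields of one ipchains packet-log line, or None."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec

def blocked_pptp(lines):
    """List (kind, chain, iface, rule, src, dst) for blocked PPTP packets."""
    findings = []
    for line in lines:
        rec = parse_packet_log(line)
        if rec is None or rec["target"] not in BLOCKING:
            continue
        if rec["proto"] == GRE:
            kind = "GRE data"
        elif rec["proto"] == TCP and PPTP_CTRL in (rec["sport"], rec["dport"]):
            kind = "TCP/1723 control"
        else:
            continue  # blocked, but not PPTP traffic
        findings.append((kind, rec["chain"], rec["iface"], rec["rule"],
                         rec["src"], rec["dst"]))
    return findings

SAMPLE_LOG = [
    "Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call (launching pppd, opening GRE)",
    "Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000 T=64 (#48)",
    # Constructed line: a blocked packet that is not PPTP and must be ignored.
    "Nov 26 21:10:02 hammer kernel: Packet log: eth1-in DENY eth1 PROTO=6 192.168.1.7:1025 205.189.197.50:80 L=60 S=0x00 I=100 F=0x4000 T=63 SYN (#1)",
]

if __name__ == "__main__":
    for finding in blocked_pptp(SAMPLE_LOG):
        print("blocked %s: chain=%s iface=%s rule=#%d %s -> %s" % finding)
```

On the post's log this reports a single finding: GRE rejected by rule #48 of the output chain on eth1, from 205.189.197.50 to 24.114.19.225. The rules listed in the post accept protocol 47 only in eth1-in.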



