[pptp-server] Need help to run pptpd over ipchains firewall

Francisco Franco ffranco at interlog.com
Tue Nov 28 10:47:43 CST 2000


Hi Folks,

Thanks very much for all your help, but unfortunately the problem that I
was experiencing can be totally attributed to my own stupidity and
nothing else.  At home I am connected to a router manufactured by
LinkSys.  The problem was that the device is doing masquerading.  So,
once I figured that out, I decided to connect using my ISP through a
plain old telephone line with nothing between my PC and the PPTP server.
Once I did that, all my troubles went away and I was able to connect
without any problems.

Once again thanks very much for all the help and suggestions.

I may soon bother you all when I move onto configuring machines running W2K.

Francisco

Jerry Vonau wrote:

> Francisco:
>
> try from my earlier post:
>
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -d $EXTIP/32 1723
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 47 -d $EXTIP/32
> /sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp ! -y -s $EXTIP/32 1723
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP/32 -d $UNIVERSE
> /sbin/ipchains -A output -j ACCEPT -i  ppp+ -b -s 0/0 -d 0/0
> /sbin/ipchains -A forward -j ACCEPT -i ppp+ -s $INTLAN -d $INTLAN
> /sbin/ipchains -A forward -j ACCEPT -i $INTIF -s $INTLAN -d $INTLAN
>
> Don't forward the P 47 and GRE if this server is on the firewall, it's the final stop.
>
> If the server is behind the firewall that is a whole different ball game.
> This should allow connections. What does your /etc/ppp/options file look like?
>
> Francisco Franco wrote:
>
> > Hi Steve,
> >
> > Just another update, I  now have the following in my firewall:
> >
> > +++
> >     ipchains -A forward -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s 10.0.0.200 $UNPRIVPORTS \
> >              -d $ANYWHERE 1723 -j MASQ
> >
> >     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s $ANYWHERE $UNPRIVPORTS \
> >              -d $IPADDR 1723 -j ACCEPT
> >
> >     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s $IPADDR 1723 \
> >              -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
> >
> >     ipchains -A forward -i $EXTERNAL_INTERFACE -p 47  \
> >              -s 10.0.0.200 \
> >              -d $ANYWHERE -j MASQ
> >
> >     ipchains -A input  -i $EXTERNAL_INTERFACE -p 47  \
> >              -s $ANYWHERE \
> >              -d $IPADDR -j ACCEPT
> >
> >     ipchains -A output -i $EXTERNAL_INTERFACE -p 47  \
> >              -s $IPADDR \
> >              -d $ANYWHERE -j ACCEPT
> > +++
> >
> > Now I get a little further to the point where the client tries to connect to the
> > server, but I get the following:
> >
> > +++
> > Nov 27 22:11:12 hammer pppd[7006]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
> > chap MD5> <magic 0x5f533724> <pcomp> <accomp>]
> > Nov 27 22:11:39 hammer last message repeated 9 times
> > Nov 27 22:11:42 hammer pppd[7006]: LCP: timeout sending Config-Requests
> > +++
> >
> > Am I missing anything else?
> >
> > Francisco
> >
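
Added example, not part of the original thread: a small triage script for the symptom quoted above, where pppd keeps sending LCP Config-Requests and then times out without ever logging anything received. pppd is only started once the TCP 1723 control connection is up, so a session that sends but never receives points at PPP-over-GRE (IP protocol 47) being dropped on the path, for example by a masquerading device as in this thread. The function names, verdict strings and the second log session are constructed for illustration.

```python
import re

# Constructed sample: the first session is modelled on the log quoted in the
# thread, the second is a made-up healthy session for contrast.
SAMPLE_LOG = """\
Nov 27 22:11:12 hammer pppd[7006]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x5f533724> <pcomp> <accomp>]
Nov 27 22:11:39 hammer last message repeated 9 times
Nov 27 22:11:42 hammer pppd[7006]: LCP: timeout sending Config-Requests
Nov 27 22:15:01 hammer pppd[7040]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x1a2b3c4d> <pcomp> <accomp>]
Nov 27 22:15:01 hammer pppd[7040]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x1a2b3c4d> <pcomp> <accomp>]
"""

PPPD = re.compile(r"pppd\[(\d+)\]: (.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def classify(msg):
    """Map one pppd message to 'sent', 'rcvd', 'timeout' or None."""
    if msg.startswith("sent [LCP ConfReq"):
        return "sent"
    if msg.startswith("rcvd ["):
        return "rcvd"
    if "timeout sending Config-Requests" in msg:
        return "timeout"
    return None

def triage(log_text):
    """Return {pid: {'sent', 'rcvd', 'timeout', 'verdict'}} per pppd session."""
    stats, last = {}, None
    for line in log_text.splitlines():
        rep = REPEAT.search(line)
        if rep:
            # syslog folds identical lines; credit them to the previous message
            if last and last[1] in ("sent", "rcvd"):
                stats[last[0]][last[1]] += int(rep.group(1))
            continue
        m = PPPD.search(line)
        if not m:
            last = None
            continue
        pid, kind = int(m.group(1)), classify(m.group(2))
        s = stats.setdefault(pid, {"sent": 0, "rcvd": 0, "timeout": False})
        if kind == "timeout":
            s["timeout"] = True
        elif kind:
            s[kind] += 1
        last = (pid, kind)
    for s in stats.values():
        if s["timeout"] and s["rcvd"] == 0:
            s["verdict"] = "no-ppp-from-peer"   # check protocol 47 on the path
        else:
            s["verdict"] = "ppp-flowing" if s["rcvd"] else "inconclusive"
    return stats
```

The `rcvd` lines only appear when pppd runs with its `debug` option, so a "no-ppp-from-peer" verdict on a non-debug log only means the timeout was seen.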


