[pptp-server] Firewall issues... More info...

Jason Bradley Nance jbnance at tresgeek.net
Sun Oct 8 14:50:04 CDT 2000


> I'm confused here, because you say your rule 34 is defined to match
> interface $EXTIF and protocol 6 (tcp), but you also say your error log is
> giving errors on rule 34 matching interface ppp0 and protocol 17 (udp).
> They cannot be the same rule.  Maybe one is an input rule and the other an
> output rule?

Well, how would I go about extracting rule #34?  Maybe I'm not doing it
right.  I did:

less rc.firewall | grep /sbin/ipchains > firewall.raw
vi firewall.raw
:34

That's the rule that was on line 34.

> As for the two rules:
> 
> /sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
> /sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d $EXTIP
> 
> These two rules are on two completely separate rule chains (forward and
> input) so neither one is before or after the other.  The first applies when
> a packet is being forwarded, and the second applies to input packets.  See
> the section "How Packets Traverse The Filters" in the IPCHAINS-HOWTO for
> more details.

Can you give me an example of how to allow traffic to pass to the ppp*
interface from local net to local net?  My default has all SMB traffic
killed that tries to leave the internal interface.

j
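
Added example, not part of the original message: ipchains log entries give the chain name and the rule's position within that chain, so line 34 of a grep over the whole script is not necessarily rule 34 of any chain. The sketch below numbers the -A rules per chain; the function names and the sample rules file are constructed for illustration, and it assumes the script only appends rules with -A.

```shell
#!/bin/sh
# Number "ipchains -A" rules per chain (added example; names are hypothetical).
# Assumption: the script only appends with -A, outside loops; -I, -D or -R
# would shift the live numbering and are not modelled.

number_rules() {   # $1 = firewall script
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            for (i = 1; i < NF - 1; i++)
                if ($i ~ /ipchains$/ && $(i+1) == "-A") {
                    chain = $(i+2)
                    printf "%s #%d (file line %d): %s\n", chain, ++n[chain], NR, $0
                    break
                }
        }
    ' "$1"
}

find_rule() {      # $1 = script, $2 = chain, $3 = rule number in that chain
    number_rules "$1" | grep "^$2 #$3 "
}

make_sample() {    # constructed sample, not the poster's rc.firewall
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample rules
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d $EXTIP
/sbin/ipchains -A output -j ACCEPT -i lo
EOF
    echo "$f"
}

sample=$(make_sample)
number_rules "$sample"      # full per-chain listing
find_rule "$sample" input 2 # the REJECT rule, third line of a plain grep
rm -f "$sample"
```

Run against the real rc.firewall, find_rule takes the chain named in the log line and the logged rule number.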
