[pptp-server] maybe a routing problem??

[Alan Chung]

Thanks for the help.

I do have proxyarp in my /etc/ppp/options file.  This is my content of that 
file,

lock
debug
mtu 1400
mru 1400
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins 192.168.0.12
ms-dns  192.168.0.12

And, the only difference between your ipchains rules and mine is the ones 
for ppp interface.  I am not sure if those are necessary but I have tried 
them.  It doesn't create a different chain when I use "ipchains -L -n" to 
see.  Also, does "ppp+" apply to all ppp0, ppp1, ppp2...?  I can still see 
the ppp connection and ping from all internal machine to that VPN client IP 
(after connection is built).  But not reversely, I can't ping or see even 
PPTP server or any of the internal hosts from VPN client.  I was thinking I 
probably have to add routes for VPN client to see all internal 
machines.  But I have no idea how to add a route in WIN98.

I am really STUCKed.

Please help.



At 午前 09:13 00/10/11 -0500, you wrote:
>Hi Alan:
>
>What are the rules on the pptp server?
>These are mine:
>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -d $EXTIP/32 1723
>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 47 -d $EXTIP/32
>/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 
>0/0         <<needed for ppp
>to talk to internal network, can changed to fit your needs
>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp ! -y -s $EXTIP/32 1723
>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP/32 -d $UNIVERSE
>/sbin/ipchains -A output -j ACCEPT -i ppp+ -b -s 0/0 -d 
>0/0         <<needed for
>ppp to talk to internal network, can changed to fit your needs
>/sbin/ipchains -A forward -j ACCEPT -i $ppp+ -s $INTLAN -d $INTLAN   << needed
>/sbin/ipchains -A forward -j ACCEPT -i $EXTIF -s $INTLAN -d $INTLAN
>I have these rules in use, yes they work.
>Is the proxyarp working in the pptp server?