[pptp-server] looking for help with pptp through ipchains

Tom Eastep teastep at evergo.net
Sat Sep 30 10:59:31 CDT 2000


Alan,

Thus spoke Alan Chung:

> Hi, everyone,
> 
> I am really hoping if anyone can help me with this problem about ipchains.
> Hi,
> 
> I hope someone out there can help me with this.
> 
> I have a pptp server behind an ipchains Linux firewall.  The following is my 
> setup:
> 
> 210.12.130.172  -->  internal pptp server's external IP (an IP alias on firewall)
> 210.12.130.0/24 -->  network/mask of firewall
> 192.168.0.5       -->  internal pptp server's internal IP
> 
> # port forwarding for 1723
> ipmasqadm portfw -a -P tcp -L 210.12.130.172 1723 -R 192.168.0.5 1723
> 
> # redirect protocol 47
> /usr/local/sbin/ipfwd --masq --syslog 192.168.0.5 47 &
> 
> # ipchains part for VPN
> $IPCHAINS -A input -p tcp -s 0/0 -d 210.12.130.0/24 1723 -j ACCEPT
> $IPCHAINS -A input -p 47  -s 0/0 -d 210.12.130.0/24        -j ACCEPT
> 
> $IPCHAINS -A output -p tcp -s 210.12.130.0/24 -d 0/0 1723 -j ACCEPT
> $IPCHAINS -A output -p 47  -s 210.12.130.0/24 -d 0/0        -j ACCEPT
> 
> $IPCHAINS -A forward -p tcp -s 192.168.0.5/24 -d 210.12.130.172/24 1723 -j MASQ

Unless all of your clients are in the 210.12.130.0/24 subnet, you will
want to relax the above rule...

> $IPCHAINS -A forward -p 47  -s 192.168.0.5/24 -d 210.12.130.172/24        -j MASQ
> 
> I have patched ip_vpn_masq and compiled my kernel 2.2.14 already and 
> everything looks just fine for me.  When I tried to connect to the internal 
> pptp server from outside through the ipchains box, it seems that connection 
> was built (tail -f /var/log/messages on pptp server) but got a 650 error 
> which means 47 and 1723 is not going through properly.  Does anyone have a 
> similar experience?
> 

I have gotten this to work in the past -- the only thing that I see about
your setup is mentioned above...

-Tom
-- 
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it
teastep at evergo.net       \   works if you ask it the proper questions"
Shoreline, Washington USA \___________________________________________
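
The point about the forward rule's destination mask, as an added example that is not part of the original thread: a small Python matcher that evaluates the posted protocol 47 forward rule against GRE replies from the PPTP server to two client addresses. The client addresses are constructed, the `-d 0/0` variant is an assumed way of relaxing the rule, and only protocol and addresses are modelled (no ports).

```python
import ipaddress

def _net(spec):
    # ipchains accepts "0/0" for "any"; ipaddress needs the dotted form.
    if spec == "0/0":
        spec = "0.0.0.0/0"
    # strict=False masks off host bits, so 210.12.130.172/24 -> 210.12.130.0/24
    return ipaddress.ip_network(spec, strict=False)

def parse_rule(line):
    """Parse the ipchains options used in the post: -A -p -s -d -j."""
    tok = line.split()
    opts = {}
    for flag, value in zip(tok, tok[1:]):
        if flag in ("-A", "-p", "-s", "-d", "-j"):
            opts[flag] = value
    return {
        "chain": opts["-A"],
        "proto": opts["-p"],
        "src": _net(opts["-s"]),
        "dst": _net(opts["-d"]),
        "target": opts["-j"],
    }

def matches(rule, proto, src, dst):
    """True if a packet with this protocol and these addresses hits the rule."""
    return (rule["proto"] == proto
            and ipaddress.ip_address(src) in rule["src"]
            and ipaddress.ip_address(dst) in rule["dst"])

# Rule as posted, and an assumed relaxed form (not given in the thread).
POSTED = "$IPCHAINS -A forward -p 47 -s 192.168.0.5/24 -d 210.12.130.172/24 -j MASQ"
RELAXED = "$IPCHAINS -A forward -p 47 -s 192.168.0.5/24 -d 0/0 -j MASQ"

# Constructed client addresses: one inside 210.12.130.0/24, one outside it.
CLIENTS = ["210.12.130.50", "198.51.100.7"]

def gre_replies_matched(rule_line):
    """Which clients' GRE replies from 192.168.0.5 match the rule."""
    rule = parse_rule(rule_line)
    return {c: matches(rule, "47", "192.168.0.5", c) for c in CLIENTS}

if __name__ == "__main__":
    for name, line in (("posted", POSTED), ("relaxed", RELAXED)):
        print(name, parse_rule(line)["dst"], gre_replies_matched(line))
```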