[pptp-server] PPTP
Shirish Bhagwat
shirish at dishatech.com
Thu Apr 19 02:26:18 CDT 2001
$LOCALHOST contains the IP address of the external interface.
Line numbers obtained for port 1723, which is the PPTP port, are given below.
Thanks
Shirish
root at dishatech.com wrote:
> 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
George Vieira wrote:
> Is your $LOCALHOST containing 127.0.0.1? This won't work and should contain
> your external IP address.
>
> Can you give me/us a listing of your
>
> ipchains -L -n -v --line-numbers
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Karan Ingale [mailto:karan_ingale at yahoo.com]
> Sent: Thursday, April 19, 2001 4:09 PM
> To: pptp-server at lists.schulte.org
> Cc: shirish at dishatech.com
> Subject: [pptp-server] PPTP
>
> Hello,
> I am running Redhat Linux 6.2 on a Pentium machine. I
> have applied the Kernel patch for PPTP. I am using
> IPChains to filter out specific outgoing and incoming
> traffic.
> I use a Windows 2000 machine from the internal
> network, to make a VPN session with a server on the
> internet. If I don't apply any rules for ipchains (All
> Accept), I am able to make the connection. But as soon
> as I apply the following rules, I am not able to make
> a VPN connection with the VPN server on the internet.
>
> This is the policy I used to deny all ports
>
> ipchains --policy input DENY
> ipchains --policy output DENY
> ipchains --policy forward DENY
>
> This is the policy for PPTP
>
> ipchains --append input \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $EXTERNAL_NETWORK $PPTP \
> --destination $LOCALHOST $UNPRIVPORTS \
> --protocol tcp
> # --protocol tcp ! -y #SYN BIT Check
>
> ipchains --append output \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $LOCALHOST $UNPRIVPORTS \
> --destination $EXTERNAL_NETWORK $PPTP \
> --protocol tcp
>
> ipchains --append input \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $EXTERNAL_NETWORK $PPTP \
> --destination $LOCALHOST $UNPRIVPORTS \
> --protocol udp
>
> ipchains --append output \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $LOCALHOST $UNPRIVPORTS \
> --destination $EXTERNAL_NETWORK $PPTP \
> --protocol udp
>
> I have similar policies for other ports. They work
> just fine.
> Can anybody solve my problem?
>
> Thanks.
>
> Karan.
>
> Systems Engineer.
> Disha Technologies.
>
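An added example, not part of the original thread: a Python check that parses rule lines in the listing format quoted above and reports whether any ACCEPT rule covers PPTP's control channel (TCP port 1723) and its tunnel traffic, which PPTP carries in GRE (IP protocol 47) rather than in TCP or UDP. The sample listings are constructed, and the `47` / `n/a` rendering of a GRE rule is an assumption about how ipchains prints it.

```python
import re

# One rule line of an `ipchains -L -n -v` listing, columns as in the thread:
# [num] pkts bytes target prot opt tosa tosx ifname source destination ports
RULE = re.compile(
    r"^\s*(?:>\s*)?(?:\d+\s+)?(?P<pkts>\S+)\s+(?P<bytes>\S+)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+0x[0-9A-Fa-f]+\s+0x[0-9A-Fa-f]+\s+"
    r"(?P<ifname>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<ports>.+?)\s*$"
)

def parse_rules(listing):
    """Return one dict per rule line; chain headers and other text are skipped."""
    return [m.groupdict() for m in map(RULE.match, listing.splitlines()) if m]

def port_in(spec, port):
    """True if an ipchains port spec ('1723', '1024:65535', '*') covers port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    if not lo.isdigit():
        return False  # e.g. 'n/a' for protocols that have no ports
    return int(lo) <= port <= int(hi if hi.isdigit() else lo)

def pptp_coverage(rules):
    """Which kinds of PPTP traffic does at least one ACCEPT rule cover?"""
    accepted = [r for r in rules if r["target"] == "ACCEPT"]
    control = any(
        r["prot"] == "all" or (
            r["prot"] == "tcp"
            and any(port_in(p.strip(), 1723) for p in r["ports"].split("->")))
        for r in accepted)
    gre = any(r["prot"].lower() in ("47", "gre", "all") for r in accepted)
    return {"tcp_1723_control": control, "gre_tunnel": gre}

# Constructed sample listings, modelled on the lines quoted in the thread.
TCP_UDP_ONLY = """\
> 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
"""
WITH_GRE = TCP_UDP_ONLY + (
    "> 0 0 ACCEPT 47 ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 n/a\n")

if __name__ == "__main__":
    for name, text in (("tcp/udp only", TCP_UDP_ONLY), ("with GRE", WITH_GRE)):
        print(name, pptp_coverage(parse_rules(text)))
```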