[pptp-server] PPTP
Charlie Brady
charlieb at e-smith.com
Thu Apr 19 05:16:39 CDT 2001
On Wed, 18 Apr 2001, Karan Ingale wrote:
> I use a Windows 2000 machine from the internal
> network, to make a VPN session with a server on the
> internet. If I don't apply any rules for ipchains (All
> Accept), I am able to make the connection. But as soon
> as I apply the following rules, I am not able to make
> a VPN connection with the VPN server on the internet.
>
> This is the policy I used to deny all ports
>
> ipchains --policy input DENY
> ipchains --policy output DENY
> ipchains --policy forward DENY
>
> This is the policy for PPTP
>
> ipchains --append input \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $EXTERNAL_NETWORK $PPTP \
> --destination $LOCALHOST $UNPRIVPORTS \
> --protocol tcp
> # --protocol tcp ! -y #SYN BIT Check
....
You don't mention masquerading, so I assume that you are routing your
internal network to the Internet.

You need to have forwarding rules which allow traffic - your policy is
DENY. You do mention that other protocols are working, which surprises me
a little.

You also need to have rules which allow GRE traffic - protocol 47, IIRC.

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
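
Added example, not part of the original message or of e-smith's code: a rule set covering both points in the reply (forwarding rules and GRE) for the routed, non-masqueraded case. Assumptions: the INTERNAL_NETWORK and VPN_SERVER addresses are constructed sample values, the PPTP control channel is TCP port 1723, and the script prints the commands by default rather than running them.

```shell
#!/bin/sh
# Added example: ipchains rules for a routed (non-masqueraded) PPTP client.
# Assumed values, not from the original message: both addresses below
# are constructed samples; PPTP control traffic uses TCP port 1723.
IPCHAINS="${IPCHAINS:-echo ipchains}"   # dry run: prints the commands
INTERNAL_NETWORK="${INTERNAL_NETWORK:-192.168.1.0/24}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"
PPTP_PORT=1723
UNPRIVPORTS="1024:65535"

pptp_passthrough_rules() {
    # Under ipchains a routed packet traverses input, forward and output
    # in turn, so every chain whose policy is DENY needs the ACCEPT rules.
    for chain in input forward output; do
        # Control channel, client to server.
        $IPCHAINS --append "$chain" --jump ACCEPT --protocol tcp \
            --source "$INTERNAL_NETWORK" "$UNPRIVPORTS" \
            --destination "$VPN_SERVER" "$PPTP_PORT"
        # Control channel replies; "! -y" refuses new inbound connections.
        $IPCHAINS --append "$chain" --jump ACCEPT --protocol tcp ! -y \
            --source "$VPN_SERVER" "$PPTP_PORT" \
            --destination "$INTERNAL_NETWORK" "$UNPRIVPORTS"
        # Tunnel data: GRE is IP protocol 47 and has no port numbers.
        $IPCHAINS --append "$chain" --jump ACCEPT --protocol 47 \
            --source "$INTERNAL_NETWORK" --destination "$VPN_SERVER"
        $IPCHAINS --append "$chain" --jump ACCEPT --protocol 47 \
            --source "$VPN_SERVER" --destination "$INTERNAL_NETWORK"
    done
}

pptp_passthrough_rules
```

Set IPCHAINS=ipchains in the environment to apply the rules instead of printing them.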