[pptp-server] PPTP
George Vieira
GeorgeV at citadelcomputer.com.au
Thu Apr 19 17:14:27 CDT 2001
10.1.1.10 looks like the internal IP address of your PPTP server. This
will not work and requires the external IP of the machine.
Does this machine HAVE an external IP or is it using NAT provided by the
router?
thanks,
George Vieira
-----Original Message-----
From: Shirish Bhagwat [mailto:shirish at dishatech.com]
Sent: Thursday, April 19, 2001 5:26 PM
To: George Vieira
Cc: karan_ingale at hotmail.com; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPTP
$LOCALHOST contains the IP address of the external interface.
The line numbers obtained for port 1723, which is the PPTP port, are given below.
Thanks
Shirish
root at dishatech.com wrote:
> 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
> 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1024:65535 -> 1723
> 0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
> 0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
> 0 0 ACCEPT udp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1723 -> 1024:65535
George Vieira wrote:
> Is your $LOCALHOST containing 127.0.0.1? This won't work and should contain
> your external IP address.
>
> Can you give me/us a listing of your
>
> ipchains -L -n -v --linenumbers
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Karan Ingale [mailto:karan_ingale at yahoo.com]
> Sent: Thursday, April 19, 2001 4:09 PM
> To: pptp-server at lists.schulte.org
> Cc: shirish at dishatech.com
> Subject: [pptp-server] PPTP
>
> Hello,
> I am running Redhat Linux 6.2 on a Pentium machine. I
> have applied the Kernel patch for PPTP. I am using
> IPChains to filter out specific outgoing and incoming
> traffic.
> I use a Windows 2000 machine from the internal
> network, to make a VPN session with a server on the
> internet. If I don't apply any rules for ipchains (All
> Accept), I am able to make the connection. But as soon
> as I apply the following rules, I am not able to make
> a VPN connection with the VPN server on the internet.
>
> This is the policy I used to deny all ports
>
> ipchains --policy input DENY
> ipchains --policy output DENY
> ipchains --policy forward DENY
>
> This is the policy for PPTP
>
> ipchains --append input \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $EXTERNAL_NETWORK $PPTP \
> --destination $LOCALHOST $UNPRIVPORTS \
> --protocol tcp
> # --protocol tcp ! -y #SYN BIT Check
>
> ipchains --append output \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $LOCALHOST $UNPRIVPORTS \
> --destination $EXTERNAL_NETWORK $PPTP \
> --protocol tcp
>
> ipchains --append input \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $EXTERNAL_NETWORK $PPTP \
> --destination $LOCALHOST $UNPRIVPORTS \
> --protocol udp
>
> ipchains --append output \
> --jump ACCEPT \
> --interface $EXTERNAL_INTERFACE \
> --source $LOCALHOST $UNPRIVPORTS \
> --destination $EXTERNAL_NETWORK $PPTP \
> --protocol udp
>
> I have similar policies for other ports. They work
> just fine.
> Can anybody solve my problem?
>
> Thanks.
>
> Karan.
>
> Systems Engineer.
> Disha Technologies.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
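The check George asks about in his reply (whether the address in the port-1723 rules is an internal one), as an added example that is not part of the thread: Python that parses rows in the form shown in the listing above and flags rules whose source or destination is an RFC 1918 or loopback address. The function names and the 203.0.113.7 row are constructed for illustration; the other rows are taken from the listing with wrapped lines rejoined, and the parser assumes the mark and outsize columns are blank, as they are there.

```python
import ipaddress

# Constructed sample: three rows from the thread's listing (wrapped lines
# rejoined) plus one constructed row using a documentation address.
LISTING = """\
0 0 ACCEPT tcp !y---- 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 10.1.1.10 1723 -> 1024:65535
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 10.1.1.10 0.0.0.0/0 1024:65535 -> 1723
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 203.0.113.7 0.0.0.0/0 1024:65535 -> 1723
"""

# RFC 1918 private ranges plus loopback (the 127.0.0.1 case raised in the thread).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_row(line):
    """Split one 'ipchains -L -n -v' row; return None for anything else."""
    t = line.lstrip("> ").split()
    # pkts bytes target prot opt tosa tosx ifname source dest sports -> dports
    if len(t) != 13 or t[11] != "->":
        return None
    return {"target": t[2], "proto": t[3], "iface": t[7],
            "src": t[8], "dst": t[9], "sports": t[10], "dports": t[12]}

def is_internal(addr):
    """True if addr (host or CIDR) lies wholly inside an internal range."""
    net = ipaddress.ip_network(addr, strict=False)
    return any(net.subnet_of(n) for n in INTERNAL_NETS)

def internal_pptp_rules(listing, port="1723"):
    """Return (row number, proto, side, address) for each port-1723 rule
    that is pinned to an internal address."""
    hits = []
    for n, line in enumerate(listing.splitlines(), 1):
        row = parse_row(line)
        if row is None or port not in (row["sports"], row["dports"]):
            continue
        for side in ("src", "dst"):
            if is_internal(row[side]):
                hits.append((n, row["proto"], side, row[side]))
    return hits

if __name__ == "__main__":
    for hit in internal_pptp_rules(LISTING):
        print("row %d (%s): %s is internal address %s" % hit)
```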