[pptp-server] PPTP

Shirish Bhagwat shirish at dishatech.com
Thu Apr 19 23:56:37 CDT 2001


Internal interface IP address is 192.168.1.x
External interface is 10.1.1.10
The external interface talks to TE4 modem (DSL router).
All other ports like Telnet, smtp, irc, etc. are going through this same
firewall much the same way and they all seem to be working alright.

If you want I can send you my firewall script.

Thanks
Shirish Bhagwat

George Vieira wrote:

> 10.1.1.10 looks like the internal IP address of your PPTP server. This
> will not work and requires the External IP of the machine.
>
> Does this machine HAVE an external IP or is it using NAT provided by the
> router?
>
> thanks,
> George Vieira
>
> -----Original Message-----
> From: Shirish Bhagwat [mailto:shirish at dishatech.com]
> Sent: Thursday, April 19, 2001 5:26 PM
> To: George Vieira
> Cc: karan_ingale at hotmail.com; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTP
>
> $LOCALHOST contains ip address of the external interface.
>
> Line numbers obtained for 1723 port which is PPTP port are given below.
>
> Thanks
> Shirish
> root at dishatech.com wrote:
>
> >     0     0 ACCEPT     tcp  !y---- 0xFF 0x00  eth0  0.0.0.0/0            10.1.1.10             1723 ->   1024:65535
> >     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0            10.1.1.10             1723 ->   1024:65535
> >     0     0 ACCEPT     tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0            10.1.1.10             1024:65535 ->   1723
> >     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0            10.1.1.10             1024:65535 ->   1723
> >     0     0 ACCEPT     tcp  ------ 0xFF 0x00  eth0  10.1.1.10            0.0.0.0/0             1024:65535 ->   1723
> >     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0  10.1.1.10            0.0.0.0/0             1024:65535 ->   1723
> >     0     0 ACCEPT     tcp  !y---- 0xFF 0x00  eth0  10.1.1.10            0.0.0.0/0             1723 ->   1024:65535
> >     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0  10.1.1.10            0.0.0.0/0             1723 ->   1024:65535
>
> George Vieira wrote:
>
> > Is your $LOCALHOST containing 127.0.0.1? This won't work and should contain
> > your external IP address.
> >
> > Can you give me/us a listing of your
> >
> > ipchains -L -n -v --linenumbers
> >
> > thanks,
> > George Vieira
> >
> > -----Original Message-----
> > From: Karan Ingale [mailto:karan_ingale at yahoo.com]
> > Sent: Thursday, April 19, 2001 4:09 PM
> > To: pptp-server at lists.schulte.org
> > Cc: shirish at dishatech.com
> > Subject: [pptp-server] PPTP
> >
> > Hello,
> >  I am running Redhat Linux 6.2 on a Pentium machine. I
> > have applied the Kernel patch for PPTP. I am using
> > IPChains to filter out specific outgoing and incoming
> > traffic.
> >  I use a Windows 2000 machine from the internal
> > network, to make a VPN session with a server on the
> > internet. If I don't apply any rules for ipchains (All
> > Accept), I am able to make the connection. But as soon
> > as I apply the following rules, I am not able to make
> > a VPN connection with the VPN server on the internet.
> >
> > This is the policy I used to deny all ports
> >
> >   ipchains --policy input    DENY
> >   ipchains --policy output   DENY
> >   ipchains --policy forward  DENY
> >
> > This is the policy for PPTP
> >
> >   ipchains --append        input \
> >            --jump          ACCEPT \
> >            --interface     $EXTERNAL_INTERFACE \
> >            --source        $EXTERNAL_NETWORK $PPTP \
> >            --destination   $LOCALHOST $UNPRIVPORTS \
> >            --protocol      tcp
> > #           --protocol      tcp  ! -y    #SYN BIT Check
> >
> >   ipchains --append        output \
> >            --jump          ACCEPT \
> >            --interface     $EXTERNAL_INTERFACE \
> >            --source        $LOCALHOST $UNPRIVPORTS \
> >            --destination   $EXTERNAL_NETWORK $PPTP \
> >            --protocol      tcp
> >
> >   ipchains --append        input \
> >            --jump          ACCEPT \
> >            --interface     $EXTERNAL_INTERFACE \
> >            --source        $EXTERNAL_NETWORK $PPTP \
> >            --destination   $LOCALHOST $UNPRIVPORTS \
> >            --protocol      udp
> >
> >   ipchains --append        output \
> >            --jump          ACCEPT \
> >            --interface     $EXTERNAL_INTERFACE \
> >            --source        $LOCALHOST $UNPRIVPORTS \
> >            --destination   $EXTERNAL_NETWORK $PPTP \
> >            --protocol      udp
> >
> >  I have similar policies for other ports. They work
> > just fine.
> >  Can anybody solve my problem?
> >
> > Thanks.
> >
> > Karan.
> >
> > Systems Engineer.
> > Disha Technologies.
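
For reading the listing quoted above, an added example that is not part of the original thread: PPTP (RFC 2637) uses a TCP control connection on port 1723 and carries the tunnelled data in GRE, IP protocol 47, so a DENY-by-default ruleset needs ACCEPT rules for both. The function name `pptp_rule_gaps` and the way a protocol-47 rule appears in the prot column are assumptions of this example; the sample rows are taken from the quoted listing.

```shell
#!/bin/sh
# Added example, not from the thread. PPTP needs two things through a
# DENY-by-default filter: TCP port 1723 (control) and GRE, IP protocol 47
# (tunnelled data). PPTP itself does not use UDP.

# Reads an `ipchains -L -n -v` listing on stdin and prints one word per
# requirement that no ACCEPT rule covers. Assumption: a GRE rule shows its
# protocol as "47" or "gre" in the prot column.
pptp_rule_gaps() {
    awk '
    function flush(   n, f, i, t) {
        n = split(rec, f, " ")
        t = 0
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^(ACCEPT|DENY|REJECT|MASQ|REDIRECT|RETURN)$/) { t = i; break }
        if (t && f[t] == "ACCEPT") {
            if (f[t+1] == "47" || f[t+1] == "gre") gre = 1
            if (f[t+1] == "tcp")
                for (i = t + 2; i <= n; i++)
                    if (f[i] == "1723") ctl = 1
        }
        rec = ""
    }
    {
        sub(/^[> \t]+/, "")          # drop mail quote markers
        # A line holding a target word starts a new rule; anything else is
        # the wrapped tail of the rule already open.
        if ($0 ~ /(^| )(ACCEPT|DENY|REJECT|MASQ|REDIRECT|RETURN)( |$)/) flush()
        rec = rec " " $0
    }
    END {
        flush()
        if (!ctl) print "tcp/1723"
        if (!gre) print "gre"
    }'
}

# Three rules from the quoted listing, wrapped the way mail wraps them.
sample_listing() {
    cat <<'EOF'
> >     0     0 ACCEPT     tcp  !y---- 0xFF 0x00  eth0
> 0.0.0.0/0            10.1.1.10             1723 ->   1024:65535
> >     0     0 ACCEPT     tcp  ------ 0xFF 0x00  eth0
> 10.1.1.10            0.0.0.0/0             1024:65535 ->   1723
> >     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0
> 10.1.1.10            0.0.0.0/0             1024:65535 ->   1723
EOF
}

sample_listing | pptp_rule_gaps    # prints: gre
```

A listing that was filtered for the string 1723 before posting cannot show a protocol-47 rule either way, so the check is only meaningful on the full `ipchains -L -n -v` output.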



