[pptp-server] Netmask woes... Detailed files

Dread Boy dreadboy at hotmail.com
Fri Feb 23 16:36:26 CST 2001


Thanks to everyone so far for the help.  I still can't see or ping the nodes on the LAN after dialing in.

I've listed my configuration files below.
/etc/smb.conf
/var/lock/samba/browse.dat
/var/lock/samba/wins.dat
/etc/pptpd.conf
/etc/ppp/options
/etc/ppp/chap-secrets
/etc/rc.d/rc.firewall  (ipchains script for gateway/firewall)

I do have domain-name stripping and SMB authentication using /etc/smbpasswd compiled into ppp-2.3.11, and I am also running a newly compiled 2.2.17 kernel.

Again, connecting to the pptpd server is flawless with Win95A, Win95B, Win98, Win98SE, and Win2000.  Haven't had a chance to test WinME or NT4 yet.

I am using the machine as a gateway between the internal interface (eth0) and the external interface (eth1).

--- /etc/smb.conf ---
[global]
   workgroup = WestLogic
   server string = Linux Samba Server
   hosts allow = 192.168.0. 127.
;Also tried remming out "hosts allow" statement to allow all IPs
   security = user
  password level = 16
  username level = 16
  encrypt passwords = yes
  smb passwd file = /etc/smbpasswd
  unix password sync = Yes
  passwd program = /usr/bin/passwd %u
  username map = /etc/smbusers
  include = /etc/smb.conf.%m
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = eth0
  bind interfaces only = yes
;Also tried remming out "interfaces" and "bind interfaces only" to
;bind to both eth0 and eth1
  remote announce = 192.168.0.255
  local master = yes
  browse list = yes
  os level = 64
  domain master = yes
  preferred master = yes
  domain logons = yes
  name resolve order = wins lmhosts bcast
;Also tried: name resolve order = lmhosts wins bcast
;With lmhosts containing IPs mapped to names
   wins support = yes
   dns proxy = yes
   preserve case = yes
   case sensitive = yes

--- /var/lock/samba/browse.dat ---
"WESTLOGIC"               c0001000 "WL2"                         "WESTLOGIC"
"WL2"                     400d9b0b "Linux Samba Server"          "WESTLOGIC"
"WL1"                     40019603 "WestLogic NT Server"         "WESTLOGIC"
"CRAIG"                   40011003 ""                            "WESTLOGIC"

--- /var/lock/samba/wins.dat ---
VERSION 1 140101
"C-9999CRAIG#20" 983484683 192.168.0.16 64R
"CRAIG#00" 983484683 192.168.0.16 64R
"CRAIG#03" 983484683 192.168.0.16 64R
"CRAIG#20" 983484683 192.168.0.16 64R
"CRAIG#6a" 983484683 192.168.0.16 64R
"CRAIG#87" 983484683 192.168.0.16 64R
"WESTLOGIC#00" 983484683 255.255.255.255 c4R
"WESTLOGIC#1b" 983484124 192.168.0.2 44R
"WESTLOGIC#1c" 983484124 192.168.0.2 c4R
"WESTLOGIC#1e" 983484563 255.255.255.255 c4R
"WL2#00" 983484124 192.168.0.2 46R
"WL2#03" 983484124 192.168.0.2 46R
"WL2#20" 983484124 192.168.0.2 46R

--- /etc/pptpd.conf ---
speed 115200
option /etc/ppp/options
debug
localip 192.168.0.200-215
remoteip 192.168.0.216-231

--- /etc/ppp/options ---
# pppd options used for every PPTP session (pptpd.conf points here via "option").
# Several keywords below come from the MPPE/MS-CHAP/smbpasswd patches rather than
# stock pppd, so the notes on them are hedged - confirm against the patch docs.

# Log negotiation details; useful while troubleshooting, noisy in production.
debug
# Local system name used when looking up secrets.
name wl2
netmask 255.255.255.0
# Require the peer to authenticate before any network traffic is allowed.
auth
# Add a proxy-ARP entry for each client so it appears to sit on the LAN segment.
proxyarp
# NOTE(review): presumably these allow CHAP, MS-CHAP and MS-CHAPv2 as
# authentication methods. MS-CHAP v1 is the weakest of the three; if every
# client can do v2, consider dropping the others - TODO confirm option semantics.
+chap
+chapms
+chapms-v2
# NOTE(review): presumably offers both 40-bit and 128-bit MPPE. Offering 40-bit
# lets a client negotiate the weaker key length; keep it only if an old client
# needs it - TODO confirm option semantics.
mppe-40
mppe-128
mppe-stateless
# Presumably strips the "DOMAIN\" prefix Windows clients send with the user name.
chapms-strip-domain
require-chap
# WINS server address handed to Windows clients.
ms-wins 192.168.0.2

--- /etc/ppp/chap-secrets ---
# client        server  secret                  IP addresses
# NOTE(review): the wildcards accept any client name, for any server name, and
# let an authenticated peer use any IP address; the secret lookup is the only
# gate. "&/etc/smbpasswd" is not stock pppd syntax - presumably the smbpasswd
# patch reads it as "take the secret from this file"; confirm against the patch
# documentation. Keep this file and /etc/smbpasswd readable by root only.
*               *       &/etc/smbpasswd         *

--- /etc/rc.d/rc.firewall ---
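#!/bin/sh
# /etc/rc.d/rc.firewall - ipchains rules for a two-interface masquerading
# gateway. eth0 faces the internal LAN (192.168.0.0/24), eth1 faces outside.
#
# Default policy is REJECT on input/output and DENY on forward; the rules
# below open only what is listed.
#
# NOTE(review): every rule names eth0, eth1 or lo. Nothing matches the pppN
# interfaces that pppd creates for dial-in clients, so their packets fall
# through to the default REJECT/DENY policies on all three chains (in
# ipchains the forward chain's -i is the outgoing interface, and the only
# forward rule is for eth1). That may be why dial-in clients cannot reach
# LAN hosts - confirm with the -l log output. If rules are added for the
# ppp interfaces (ipchains accepts a trailing + as an interface wildcard),
# scope them to the address range handed out to the clients rather than
# accepting any source.

echo "Executing Firewall script...  (/etc/rc.d/rc.firewall)"

# Disable IP forwarding temporarily until script finishes, so nothing is
# routed while the chains are flushed and rebuilt.
echo "0" > /proc/sys/net/ipv4/ip_forward

# Load required ip_masq modules (FTP included here).
# NOTE(review): each helper handles one application protocol for
# masqueraded hosts; load only the ones actually in use.
/sbin/depmod -a
for masq_module in ip_masq_ftp ip_masq_irc ip_masq_raudio ip_masq_quake \
  ip_masq_vdolive; do
  /sbin/modprobe "$masq_module"
done

# Assign external IP variables.
# Query the interface by name instead of grepping the full ifconfig listing,
# so an alias or a similarly named interface cannot supply the address.
# "inet " (with the space) skips inet6 lines; sub() drops the "addr:" prefix.
extif="eth1"
extip=$(/sbin/ifconfig "$extif" |
  awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }')

# Assign internal IP variables
intif="eth0"
intnet="192.168.0.0/24"
intip=$(/sbin/ifconfig "$intif" |
  awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }')

# Assign misc variables
any="0.0.0.0/0"

echo "- Initializing router/gateway on $intif/$extif"
echo "- Internal IP on $intif: $intip"
echo "- External IP on $extif: $extip"
echo

if [ -z "$extip" ]; then
  # Without an address the external ACCEPT rules would be malformed; skip
  # them and leave that traffic to the default REJECT policy.
  echo "rc.firewall: no IP address found on $extif;" \
    "external ACCEPT rules skipped" >&2
fi

# Initialize MASQ timeout and standard chains
ipchains -M -S 7200 10 60
ipchains -F input
ipchains -P input REJECT
ipchains -F output
ipchains -P output REJECT
ipchains -F forward
ipchains -P forward DENY

# Setup input policy
# local interface, local machines, going anywhere is valid
ipchains -A input -i "$intif" -s "$intnet" -d "$any" -j ACCEPT
# reject (and log) IP spoofing where external computer claims to be a local
ipchains -A input -i "$extif" -s "$intnet" -d "$any" -l -j REJECT
# allow external access via external interface
# NOTE(review): this accepts every protocol and port addressed to the
# external IP, so any service listening on that address is reachable from
# outside. Masqueraded replies need this path, but consider narrowing new
# inbound connections to the services actually offered (PPTP uses TCP 1723
# and IP protocol 47/GRE).
if [ -n "$extip" ]; then
  ipchains -A input -i "$extif" -s "$any" -d "$extip/32" -j ACCEPT
fi
# loopback interface is valid
ipchains -A input -i lo -s "$any" -d "$any" -j ACCEPT

# Setup output policy
# all outgoing traffic to the local network is allowed
ipchains -A output -i "$intif" -s "$any" -d "$intnet" -j ACCEPT
# prevent traffic for local network from using external interface
ipchains -A output -i "$extif" -s "$any" -d "$intnet" -l -j REJECT
# prevent traffic from local network from using external interface
ipchains -A output -i "$extif" -s "$intnet" -d "$any" -l -j REJECT
# anything else can go out
if [ -n "$extip" ]; then
  ipchains -A output -i "$extif" -s "$extip/32" -d "$any" -j ACCEPT
fi
# loopback interface is valid
ipchains -A output -i lo -s "$any" -d "$any" -j ACCEPT

# Enable IP forwarding. The forward policy is already DENY, so nothing is
# routed until the rule below is added.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Setup forwarding policy
# Masquerade local net traffic to anywhere
ipchains -A forward -i "$extif" -s "$intnet" -d "$any" -j MASQ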
