[pptp-server] ppp forwarding - more questions...

Dread Boy dreadboy at hotmail.com
Tue Feb 27 21:49:41 CST 2001


Thx Tim!  That did work, mostly.  I can now see a list of machines on the 
LAN.  However, I could only access the PPTPD server's and the remote machine's 
shares, remotely.  Any other machines on the network I could neither ping nor 
access their share lists.

Any ideas on this one?


>From: Tim Canfield <canfieldtim at yahoo.com>
>To: Dread Boy <dreadboy at hotmail.com>
>Subject: Re: [pptp-server] Netmask woes...  Detailed files
>Date: Sat, 24 Feb 2001 01:17:14 -0800 (PST)
>
>DB,
>
>One of the things you may be missing is ipchains rules which allow packets
>coming from ppp* to be forwarded.  You could set these rules up statically,
>but I do it dynamically using the scripts ip-up and ip-down.  They are
>described in the pppd man page.
>
>My ip-up.local contains:
> > #!/bin/bash
> >
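> > # pppd passes the interface name (e.g. ppp0) as the first argument
> > REALDEVICE=$1
> >
> > export PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
> >
> > # Add ACCEPT rules for this ppp interface when the link comes up
> > ipchains -A input   -i "$REALDEVICE" -j ACCEPT
> > ipchains -A output  -i "$REALDEVICE" -j ACCEPT
> > ipchains -A forward -i "$REALDEVICE" -j ACCEPT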
>
>My ip-down.local contains:
> > #!/bin/bash
> >
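> > # pppd passes the interface name (e.g. ppp0) as the first argument
> > REALDEVICE=$1
> >
> > export PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
> >
> > # Delete the rules that ip-up.local added when the link goes down
> > ipchains -D input   -i "$REALDEVICE" -j ACCEPT
> > ipchains -D output  -i "$REALDEVICE" -j ACCEPT
> > ipchains -D forward -i "$REALDEVICE" -j ACCEPT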
>
>
>If you set the rules up dynamically, you should remove them when the ppp
>session is finished, otherwise you will end up with too many ipchains
>rules.
>
>As long as the rest of your firewall is set up correctly, these simple
>rules above shouldn't open up any security holes.  If they do, hopefully
>someone will comment.
>
>Tim
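
The add-on-up, delete-on-down pattern from the quoted reply, as an added example (not part of the original thread and not Tim's script), narrowed to the session's peer address and with the interface name validated before it reaches ipchains. It assumes ip-up.local and ip-down.local receive pppd's ip-up arguments ($1 interface name, $5 peer address); `valid_ipv4`, `ppp_rules`, `run_hook` and `APPLY` are names made up for this example.

```shell
#!/bin/sh
# Added example, not Tim's script. Assumes ip-up.local / ip-down.local get
# pppd's ip-up arguments: $1 = interface name, $5 = remote (peer) IP address.

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the ipchains commands for one session. $1 is A (add) or D (delete).
ppp_rules() {
    op=$1 dev=$2 peer=$3
    case "$op" in A|D) ;; *) echo "bad op: $op" >&2; return 2 ;; esac
    # Accept pppN only, so no other text ever reaches the ipchains command line.
    case "$dev" in
        ppp|ppp*[!0-9]*) echo "bad device: $dev" >&2; return 2 ;;
        ppp*) ;;
        *) echo "bad device: $dev" >&2; return 2 ;;
    esac
    valid_ipv4 "$peer" || { echo "bad peer: $peer" >&2; return 2; }
    # input: packets arriving on the tunnel must carry the peer's address.
    echo "ipchains -$op input -i $dev -s $peer/32 -j ACCEPT"
    # output/forward: -i names the outgoing interface in these chains, so
    # only traffic addressed to the peer may leave through the tunnel.
    echo "ipchains -$op output -i $dev -d $peer/32 -j ACCEPT"
    echo "ipchains -$op forward -i $dev -d $peer/32 -j ACCEPT"
}

# Print the commands (dry run) unless APPLY=1, then execute them one by one.
run_hook() {
    cmds=$(ppp_rules "$@") || return $?
    [ "${APPLY:-0}" = 1 ] || { printf '%s\n' "$cmds"; return 0; }
    printf '%s\n' "$cmds" | while read -r cmd; do $cmd || exit 1; done
}

# Dispatch on the installed script name; under any other name nothing runs.
PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
case "${0##*/}" in
    ip-up.local)   run_hook A "$1" "$5" ;;
    ip-down.local) run_hook D "$1" "$5" ;;
esac
```

Packets from the peer toward the LAN leave by the LAN interface, so they are still decided by the rest of the forward chain, not by these per-session rules.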
