[pptp-server] Pushing pptpd through...

ctooley at amoa.org ctooley at amoa.org
Thu Jun 7 07:53:04 CDT 2001



If it's not here then I'm not doing it.  How do I do that?

Chris







Justin Kreger <lists at earthling.2y.net> on 06/07/2001 05:54:31 AM

To:      Chris Tooley/AMOA at AMOA
cc:      pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Pushing pptpd through...

Are you set up to allow established and related connections?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net


On Wed, 6 Jun 2001 ctooley at amoa.org wrote:

>
> I've got a gateway/router style firewall based on a 2.4 kernel.  I'm using
> IPTables (somewhat reluctantly) and need to push pptp traffic through to the
> NAT'd server.  Anyone got any good iptables based scripts to do that?  What I
> have currently keeps timing out:
>
> #Allow pptpd connections (port 1723)
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
>         --sport $PUBLICPORTS --dport 1723 -j ACCEPT
> /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT  -i $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT  -i ppp+ \
>         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> /sbin/iptables -A OUTPUT -o ppp+ \
>         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> echo "PPTP clients allowed"
>
> # Allow inbound pptpd connections to PoPToP - forward to pptp server
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 \
>         --sport $PUBLICPORTS -j DNAT --to $POPTOPSERVER
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT \
>         --to $POPTOPSERVER
> /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT
> /sbin/iptables -A FORWARD -p 47 -j ACCEPT
> echo "PPTPD Server connections allowed"
>
> I'm pretty sure that there are some parts missing.  Any help will be
> appreciated.
>
> Chris Tooley
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
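
An added example, not part of either post: one way to lay out the forwarding rules the thread is about, with DNAT for the PPTP control port and GRE plus the established/related rule asked about in the reply, and a helper that flags nat-table ACCEPT rules in PREROUTING, which would pre-empt a later DNAT rule. It reuses the $EXTINT and $POPTOPSERVER names from the quoted script; the default values, the dry-run IPT variable and the nat_accept_rules helper are assumptions made for illustration, and the gateway is assumed to already masquerade outbound traffic.

```shell
#!/bin/sh
# Added example, not from the thread. EXTINT and POPTOPSERVER reuse the names
# in the quoted script; the default values are constructed placeholders.
EXTINT="${EXTINT:-eth0}"
POPTOPSERVER="${POPTOPSERVER:-192.0.2.10}"
# Assumption: dry run by default (prints commands). Set IPT=/sbin/iptables to apply.
IPT="${IPT:-echo iptables}"

pptp_forward_rules() {
    # Return traffic for flows the rules below have already admitted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Control channel: TCP to port 1723. Match the destination port only,
    # because clients connect from ephemeral source ports.
    $IPT -t nat -A PREROUTING -i "$EXTINT" -p tcp --dport 1723 \
        -j DNAT --to-destination "$POPTOPSERVER"
    $IPT -A FORWARD -i "$EXTINT" -d "$POPTOPSERVER" -p tcp --dport 1723 \
        -m state --state NEW -j ACCEPT

    # Data channel: GRE (IP protocol 47) has no ports; allow both directions.
    $IPT -t nat -A PREROUTING -i "$EXTINT" -p 47 \
        -j DNAT --to-destination "$POPTOPSERVER"
    $IPT -A FORWARD -i "$EXTINT" -d "$POPTOPSERVER" -p 47 -j ACCEPT
    $IPT -A FORWARD -o "$EXTINT" -s "$POPTOPSERVER" -p 47 -j ACCEPT
}

# Hypothetical helper: reads iptables commands on stdin and prints any
# nat-table PREROUTING rule that ends in ACCEPT. In the nat table ACCEPT stops
# traversal for matching connections, so a DNAT rule appended later is never
# reached for them.
nat_accept_rules() {
    grep -E -e '-t nat .*-A PREROUTING .*-j ACCEPT' || true
}

pptp_forward_rules
```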
