[pptp-server] Pushing pptpd through...

Scott Stone SStone at taos.com
Thu Jun 7 18:00:18 CDT 2001


How is this different than telling iptables to allow tcp in the !-syn state
(i.e., not a SYN packet)?  Isn't that what established/related does?

-----------------------------------------------------
Scott M. Stone <sstone at taos.com>
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA


-----Original Message-----
From: Justin Kreger [mailto:lists at earthling.2y.net]
Sent: Thursday, June 07, 2001 2:45 PM
To: ctooley at amoa.org
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Pushing pptpd through...




/sbin/iptables -A chainnamehere -m state -p all --state ESTABLISHED,RELATED -j ACCEPT

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net


On Thu, 7 Jun 2001 ctooley at amoa.org wrote:

> If it's not here then I'm not doing it.  How do I do that?
>
> Chris
>
> Justin Kreger <lists at earthling.2y.net> on 06/07/2001 05:54:31 AM
>
>   To:       Chris Tooley/AMOA at AMOA
>   cc:       pptp-server at lists.schulte.org
>   Subject:  Re: [pptp-server] Pushing pptpd through...
>
> Are you set up to allow established, and related connections?
> 
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> 
> 
> On Wed, 6 Jun 2001 ctooley at amoa.org wrote:
> 
> >
> > I've got a gateway/router style firewall based on a 2.4 kernel.  I'm using
> > IPTables (somewhat reluctantly) and need to push pptp traffic through to the
> > NAT'd server.  Anyone got any good iptables based scripts to do that?  What I
> > have currently keeps timing out:
> >
> > #Allow pptpd connections (port 1723)
> > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
> >         --sport $PUBLICPORTS --dport 1723 -j ACCEPT
> > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> > /sbin/iptables -A INPUT  -i $EXTINT -p 47 -j ACCEPT
> > /sbin/iptables -A INPUT  -i ppp+ \
> >         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> > /sbin/iptables -A OUTPUT -o ppp+ \
> >         -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> > echo "PPTP clients allowed"
> >
> > # Allow inbound pptpd connections to PoPToP - forward to pptp server
> > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 \
> >         --sport $PUBLICPORTS -j DNAT --to $POPTOPSERVER
> > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT \
> >         --to $POPTOPSERVER
> > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT
> > /sbin/iptables -A FORWARD -p 47 -j ACCEPT
> > echo "PPTPD Server connections allowed"
> >
> > I'm pretty sure that there are some parts missing.  Any help will be
> > appreciated.
> >
> > Chris Tooley
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
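
Added example, not part of the original thread and not code from any poster or from iptables: a simplified Python model of the comparison raised at the top of this message, a stateless "-p tcp ! --syn" rule next to a "-m state --state ESTABLISHED" rule. The names Pkt, Conntrack and demo, the addresses and the packets are constructed for illustration, and the flow table is a deliberate simplification of netfilter connection tracking.

```python
from collections import namedtuple

# Constructed packet record; flags is a set of TCP flag names (empty for GRE).
Pkt = namedtuple("Pkt", "proto src sport dst dport flags")

def is_syn(p):
    """iptables --syn: TCP with SYN set and ACK, RST, FIN all clear."""
    return p.proto == "tcp" and p.flags & {"SYN", "ACK", "RST", "FIN"} == {"SYN"}

def not_syn_rule(p):
    """'-p tcp ! --syn -j ACCEPT': decides from this packet's flags alone."""
    return p.proto == "tcp" and not is_syn(p)

class Conntrack:
    """Toy flow table (assumption: one entry per protocol and endpoint pair)."""
    def __init__(self):
        self.flows = {}  # flow key -> set of source addresses seen sending

    @staticmethod
    def _key(p):
        return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

    def track(self, p):
        """Record a packet that some other rule already accepted as NEW."""
        self.flows.setdefault(self._key(p), set()).add(p.src)

    def established_rule(self, p):
        """'--state ESTABLISHED': accept only if the peer already sent on this flow."""
        return bool(self.flows.get(self._key(p), set()) - {p.src})

def demo():
    client, server, stranger = "203.0.113.7", "198.51.100.5", "203.0.113.99"
    ct = Conntrack()
    # Flow openers from the client: PPTP control (TCP 1723) and GRE (protocol 47).
    ct.track(Pkt("tcp", client, 40000, server, 1723, {"SYN"}))
    ct.track(Pkt("gre", client, 0, server, 0, set()))
    probes = {
        "SYN/ACK reply on tracked flow": Pkt("tcp", server, 1723, client, 40000, {"SYN", "ACK"}),
        "bare ACK, no prior flow": Pkt("tcp", stranger, 40001, server, 1723, {"ACK"}),
        "GRE reply on tracked flow": Pkt("gre", server, 0, client, 0, set()),
    }
    # Each value is (accepted by '! --syn', accepted by ESTABLISHED).
    return {name: (not_syn_rule(p), ct.established_rule(p)) for name, p in probes.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:32} ! --syn={stateless!s:5}  ESTABLISHED={stateful}")
```

The two rules agree only on the TCP reply: the flag test accepts an ACK that belongs to no connection and says nothing about GRE, while the state match rejects the stray ACK and covers the GRE return traffic.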