[pptp-server] Pushing pptpd through.
Justin Kreger
lists at earthling.2y.net
Fri Jun 8 05:08:03 CDT 2001
Related would be like opening ftp-data when you request a file from an ftp
server.... established.... *shrug* I dunno.... I need coffee... The
IPTables man file lays it out pretty well. I think there is also initial
and something else for the state tracking system.
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
On Thu, 7 Jun 2001, Scott Stone wrote:
>
> how is this different than telling iptables to allow tcp in the !-syn state
> (ie, not a SYN packet)? isn't that what established/related does?
>
> -----------------------------------------------------
> Scott M. Stone <sstone at taos.com>
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
>
> -----Original Message-----
> From: Justin Kreger [mailto:lists at earthling.2y.net]
> Sent: Thursday, June 07, 2001 2:45 PM
> To: ctooley at amoa.org
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Pushing pptpd through...
>
> /sbin/iptables -A chainnamehere -m state -p all --state ESTABLISHED,RELATED -j ACCEPT
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
>
> On Thu, 7 Jun 2001 ctooley at amoa.org wrote:
>
> >
> > If it's not here then I'm not doing it. How do I do that?
> >
> > Chris
> >
> > Justin Kreger <lists at earthling.2y.net> on 06/07/2001 05:54:31 AM
> >
> > To: Chris Tooley/AMOA at AMOA
> > cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Pushing pptpd through...
> >
> > Are you setup to allow established, and related connections?
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> >
> > On Wed, 6 Jun 2001 ctooley at amoa.org wrote:
> >
> > >
> > > I've got a gateway/router style firewall based on a 2.4 kernel. I'm using
> > > IPTables (somewhat reluctantly) and need to push pptp traffic through to the
> > > NAT'd server. Anyone got any good iptables based scripts to do that? What I
> > > have currently keeps timing out:
> > >
> > > #Allow pptpd connections (port 1723)
> > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
> > > --sport $PUBLICPORTS --dport 1723 -j ACCEPT
> > > /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> > > /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> > > /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
> > > /sbin/iptables -A INPUT -i ppp+ \
> > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> > > /sbin/iptables -A OUTPUT -o ppp+ \
> > > -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> > > echo "PPTP clients allowed"
> > >
> > > # Allow inbound pptpd connections to PoPToP - forward to pptp server
> > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport 1723 --sport $PUBLICPORTS -j DNAT --to $POPTOPSERVER
> > > /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p 47 -j DNAT --to $POPTOPSERVER
> > > /sbin/iptables -A FORWARD -p TCP --dport 1723 --sport 1723 -j ACCEPT
> > > /sbin/iptables -A FORWARD -p 47 -j ACCEPT
> > > echo "PPTPD Server connections allowed"
> > >
> > > I'm pretty sure that there are some parts missing. Any help will be
> > > appreciated.
> > >
> > > Chris Tooley
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
>
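
As an added example (not from any poster in this thread), here is a shell function that prints one workable rule set for the setup discussed above: DNAT of TCP 1723 and GRE (IP protocol 47) to the internal PPTP server, plus the ESTABLISHED,RELATED state rule in FORWARD. The function names, the interface name and the server address are assumptions, and it assumes the gateway already masquerades outbound traffic for the internal network.

```shell
#!/bin/sh
# Added example: print iptables rules that forward PPTP to a NAT'd server.
# Hypothetical helper names; sample values in the tests are constructed.

# Emit the rule set for external interface $1 and internal PPTP server $2.
pptp_forward_rules() {
    ext=$1 srv=$2
    # Reject anything that is not a plain interface name / dotted address,
    # because the output is meant to be piped to a root shell.
    case $ext in ''|*[!A-Za-z0-9._+-]*) echo "bad interface: $ext" >&2; return 1;; esac
    case $srv in ''|*[!0-9.]*) echo "bad server address: $srv" >&2; return 1;; esac
    # Rule order below:
    #  1-2  DNAT the control channel (TCP 1723) and GRE to the server.
    #  3    Accept packets belonging to connections conntrack already knows.
    #       Unlike "! --syn", this is stateful and not limited to TCP.
    #  4    Accept only NEW control connections aimed at the server.
    #  5-6  Accept GRE to and from the server explicitly, so the tunnel does
    #       not depend on a PPTP conntrack helper marking it RELATED.
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext -p tcp --dport 1723 -j DNAT --to-destination $srv
iptables -t nat -A PREROUTING -i $ext -p 47 -j DNAT --to-destination $srv
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ext -d $srv -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $ext -d $srv -p 47 -j ACCEPT
iptables -A FORWARD -o $ext -s $srv -p 47 -j ACCEPT
EOF
}

# Count emitted rules that jump to target $3 (e.g. DNAT or ACCEPT).
count_target() {
    pptp_forward_rules "$1" "$2" | grep -c -- "-j $3"
}

# Dry run: print the rules only when called as  script EXTINT SERVER_IP
if [ "$#" -eq 2 ]; then
    pptp_forward_rules "$1" "$2"
fi
```

Review the printed rules, then pipe them to `sh` as root to load them.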