[pptp-server] ppp forwarding - more questions...
Dread Boy
dreadboy at hotmail.com
Thu Mar 1 21:42:09 CST 2001
>From: Jerry Vonau <jvonau at home.com>
>To: Dread Boy <dreadboy at hotmail.com>
>CC: pptp-server at lists.schulte.org
>Subject: Re: [pptp-server] ppp forwarding - more questions...
>Date: Wed, 28 Feb 2001 21:30:15 -0600
>
>Dread Boy:
>
>This is what I use in ip-up.local:
>
>/sbin/ipchains -I input -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I output -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I forward -i eth1 -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I input -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I output -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I forward -i ppp+ -d 10.0.0.0/8 -s 10.0.0.0/8 -j ACCEPT
>
>Make sure that there is an entry in the /var/log/messages, when the link is
>brought up, that says:
>
>Feb 2 20:05:59 vvvvvvv pppd[23097]: found interface eth? for proxy arp
>
>If not you won't see jack past the pptp server. The cause is the remote ip
>that is not in the same range as the local lan that it can use for
>proxyarp.
OK. A few more questions:
1) Which scripts actually run when you connect? ip-up, ip-up.local, or
both?
2) How do I drop the ipchains rules after hanging up?
3) Are the "drop" rules to go into ip-down.local?
4) How does ppp know which script to use?
>
>In pptp.conf are the local and remote ip on the same address range?
>ie:
>local 192.168.0.1
>remote 192.168.0.111-121
Yes, local 192.168.0.200-215, remote 192.168.0.216-231
>
>If not the proxyarp will fail and you'll have to add the arp statement
>in ip-up.local.
>
>You have proxyarp in the options file?
Yes.
>
>Jerry Vonau
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
More information about the pptp-server
mailing list