[pptp-server] ppp forwarding - more questions...

George Vieira GeorgeV at citadelcomputer.com.au
Thu Mar 1 22:29:53 CST 2001


pppd uses these scripts by default.
ip-up.local is called by ip-up (look at the script and see).
To kill the chains, use the -D option with the complete rule as the one
added. It'll match it and kill it.
Put the drop rules in ip-down.local.

Use the ipparam in pppd options and give it a name like

ipparam pptp


Then in ip-up/down.local you can say:

# $6 is the ipparam value that pppd passes to ip-up/ip-down
if [ "$6" = "pptp" ];then
	echo "PPTP script enabled" >> /var/log/messages
	ipchains -D ...............
fi


thanks,
George Vieira


-----Original Message-----
From: Dread Boy [mailto:dreadboy at hotmail.com]
Sent: Friday, March 02, 2001 2:42 PM
To: jvonau at home.com; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] ppp forwarding - more questions...


>From: Jerry Vonau <jvonau at home.com>
>To: Dread Boy <dreadboy at hotmail.com>
>CC: pptp-server at lists.schulte.org
>Subject: Re: [pptp-server] ppp forwarding - more questions...
>Date: Wed, 28 Feb 2001 21:30:15 -0600
>
>Dread Boy:
>
>This is what I use in ip-up.local:
>
>/sbin/ipchains -I input -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I output -i eth1 -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I forward -i eth1 -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I input -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I output -i ppp+ -b -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
>/sbin/ipchains -I forward -i ppp+ -d 10.0.0.0/8 -s 10.0.0.0/8 -j ACCEPT
>
>Make sure that there is an entry in the /var/log/messages, when the link is
>brought up, that says:
>
>Feb  2 20:05:59 vvvvvvv pppd[23097]: found interface eth? for proxy arp
>
>If not you won't see jack past the pptp server. The cause is the remote ip
>that is not in the same range as the local lan that it can use for 
>proxyarp.

OK.  A few more questions:

1) Which scripts actually run when you connect?  ip-up, ip-up.local, or 
both?

2) How do I drop the ipchains rules after hanging up?

3) Are the "drop" rules to go into ip-down.local?

4) How does ppp know which script to use?

>
>In pptp.conf are the local and remote ip on the same address range?
>ie:
>local 192.168.0.1
>remote 192.168.0.111-121

Yes, local 192.168.0.200-215, remote 192.168.0.216-231

>
>If not the proxyarp will fail and you'll have to add the arp statement
>in  ip-up.local.
>
>You have proxyarp in the options file?

Yes.

>
>Jerry Vonau
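The add/remove pairing discussed in this thread, as an added example that is not part of the original messages: one script meant to be installed under both names (ip-up.local and ip-down.local), which inserts the quoted 10.0.0.0/8 rules on link-up and deletes the identical rule text on link-down, only for links tagged with "ipparam pptp". The function names, the IPCHAINS override variable and the dispatch on the script's own name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: install as /etc/ppp/ip-up.local and symlink it to
# /etc/ppp/ip-down.local. pppd passes the ipparam value as $6.
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"   # hypothetical override for dry runs
NET="10.0.0.0/8"                          # range used in the quoted rules

# Emit each rule specification once, so that -I and -D always use
# exactly the same text and the delete matches what was inserted.
rule_specs() {
    for ifc in eth1 ppp+; do
        echo "input -i $ifc -b -s $NET -d $NET -j ACCEPT"
        echo "output -i $ifc -b -s $NET -d $NET -j ACCEPT"
        echo "forward -i $ifc -s $NET -d $NET -j ACCEPT"
    done
}

# apply_rules -I|-D : run ipchains with that action on every spec.
apply_rules() {
    action="$1"
    rule_specs | while read -r spec; do
        # $spec is deliberately unquoted so it splits into arguments.
        $IPCHAINS "$action" $spec
    done
}

# handle_link up|down <ipparam> : do nothing unless the link is tagged pptp,
# so ordinary dial-up PPP links leave the firewall untouched.
handle_link() {
    [ "$2" = "pptp" ] || return 0
    case "$1" in
        up)   apply_rules -I ;;
        down) apply_rules -D ;;
    esac
}

# Dispatch on the name the script was invoked under; any other name is a no-op.
case "$(basename "$0")" in
    ip-up.local)   handle_link up   "$6" ;;
    ip-down.local) handle_link down "$6" ;;
esac
```

Because each connect inserts one copy of every rule and each disconnect deletes one matching copy, several simultaneous PPTP clients stay balanced and no ACCEPT rules are left behind after the last one hangs up.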
