[pptp-server] ppp-filtering - Ready to smash this thing! lol.

Dread Boy dreadboy at hotmail.com
Tue Mar 6 20:11:29 CST 2001 

OK, even though I've asked these questions before, I'm gonna try again in an 
attempt to get my PPTPD Linux server working perfectly.

I'm one step away, here, I'm sure of it.  Prior to obtaining the ipchains 
rules listed below in ip-up and ip-down, I was completely unable to see any 
machines on my VPN remotely.

Now, with everyone's help, I have indeed gotten further.  Thx to everyone so 
far.  Too many to list, but you know who you are.  =)

Now I can indeed see a list of Windoze/SMB server machine names on my remote 
Windoze system.  However, I can still only browse or use shares on either 
the SMB server I'm dialing into, or the remote workstation I'm using to 
dial-up.  I can not access anything else (or even ping by name or IP number) 
the other machines listed by the WINS server in my Network Neighborhood 
browse list.

I feel for sure, something is being blocked.  I know that SMB sharing 
definitely uses port 139, but I've also noticed that ports 137 and 138 are 
also used.  I don't know if this is it, but does anyone know why I would not 
even be able to ping other machines on the network?

- My network is 192.168.0.0/255.255.255.0
- localip is 88-95
- remoteip is 96-103

OK, so I've also noticed that although the remoteip shows up on ppp0 on the 
route table (192.168.0.96) the localip doesn't seem to be here...

Does anyone know for sure whether this is a routing problem?  ipchains is 
still Greek to me, somewhat, and I don't even really understand the concept 
of connecting on eth1 and having it turn into a ppp* interface, and how all 
three interfaces (including eth0) have to be configured to pass traffic 
along properly.

Thx.  Craig.

>route
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth0
192.168.0.96    *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.2     *               255.255.255.255 UH    0      0        0 eth0
<extip>         *               255.255.255.255 UH    0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
<extnet>        *               255.255.252.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         <extgw>         0.0.0.0         UG    0      0        0 eth1

--- /etc/ppp/ip-up ---
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-up.local instead
LOGDEVICE=$6
REALDEVICE=$1
/sbin/ipchains -A input   -i $REALDEVICE -j ACCEPT
/sbin/ipchains -A output  -i $REALDEVICE -j ACCEPT
/sbin/ipchains -A forward -i $REALDEVICE -j ACCEPT
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local $*
# Used for clustering heartbeat monitoring stuff.
[ -x /etc/ppp/ip-up.heart ] && /etc/ppp/ip-up.heart $*
/etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
exit 0

--- /etc/ppp/ip-down ---
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-down.local instead
LOGDEVICE=$6
REALDEVICE=$1
/sbin/ipchains -D input   -i $REALDEVICE -j ACCEPT
/sbin/ipchains -D output  -i $REALDEVICE -j ACCEPT
/sbin/ipchains -D forward -i $REALDEVICE -j ACCEPT
[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local $*
/etc/sysconfig/network-scripts/ifdown-post ifcfg-${LOGDEVICE}
exit 0

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

More information about the pptp-server mailing list