[pptp-server] ppp-filtering - Ready to smash this thing! lol.
Nick Rout
nick at taxlawyer.co.nz
Wed Mar 7 02:36:41 CST 2001
Do you have ip-forwarding enabled in the server machine?
cat /proc/sys/net/ipv4/ip_forward
If it's zero, that's your problem. It needs to be one to forward traffic from
your lan (ethx) to your pptpd tunnel (ethx).
echo "1" > /proc/sys/net/ipv4/ip_forward
is the fix.
--On Tuesday, 6 March 2001 19:11 -0700 Dread Boy <dreadboy at hotmail.com>
wrote:
> OK, even though I've asked these questions before, I'm gonna try again in
> an attempt to get my PPTPD Linux server working perfectly.
>
> I'm one step away, here, I'm sure of it. Prior to obtaining the ipchains
> rules listed below in ip-up and ip-down, I was completely unable to see
> any machines on my VPN remotely.
>
> Now, with everyone's help, I have indeed gotten further. Thx to everyone
> so far. Too many to list, but you know who you are. =)
>
> Now I can indeed see a list of Windoze/SMB server machine names on my
> remote Windoze system. However, I can still only browse or use shares on
> either the SMB server I'm dialing into, or the remote workstation I'm
> using to dial-up. I can not access anything else (or even ping by name
> or IP number) the other machines listed by the WINS server in my Network
> Neighborhood browse list.
>
> I feel for sure, something is being blocked. I know that SMB sharing
> definitely uses port 139, but I've also noticed that ports 137 and 138
> are also used. I don't know if this is it, but does anyone know why I
> would not even be able to ping other machines on the network?
>
> - My network is 192.168.0.0/255.255.255.0
> - localip is 88-95
> - remoteip is 96-103
>
> OK, so I've also noticed that although the remoteip shows up on ppp0 on
> the route table (192.168.0.96) the localip doesn't seem to be here...
>
> Does anyone know for sure whether this is a routing problem? ipchains is
> still Greek to me, somewhat, and I don't even really understand the
> concept of connecting on eth1 and having it turn into a ppp* interface,
> and how all three interfaces (including eth0) have to be configured to
> pass traffic along properly.
>
> Thx. Craig.
>
>> route
> 255.255.255.255 *       255.255.255.255 UH 0 0 0 eth0
> 192.168.0.96    *       255.255.255.255 UH 0 0 0 ppp0
> 192.168.0.2     *       255.255.255.255 UH 0 0 0 eth0
> <extip>         *       255.255.255.255 UH 0 0 0 eth1
> 192.168.0.0     *       255.255.255.0   U  0 0 0 eth0
> <extnet>        *       255.255.252.0   U  0 0 0 eth1
> 127.0.0.0       *       255.0.0.0       U  0 0 0 lo
> default         <extgw> 0.0.0.0         UG 0 0 0 eth1
>
> --- /etc/ppp/ip-up ---
> #!/bin/bash
> # This file should not be modified -- make local changes to
> # /etc/ppp/ip-up.local instead
> LOGDEVICE=$6
> REALDEVICE=$1
> /sbin/ipchains -A input -i $REALDEVICE -j ACCEPT
> /sbin/ipchains -A output -i $REALDEVICE -j ACCEPT
> /sbin/ipchains -A forward -i $REALDEVICE -j ACCEPT
> [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local $*
> # Used for clustering heartbeat monitoring stuff.
> [ -x /etc/ppp/ip-up.heart ] && /etc/ppp/ip-up.heart $*
> /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
> exit 0
>
> --- /etc/ppp/ip-down ---
> #!/bin/bash
> # This file should not be modified -- make local changes to
> # /etc/ppp/ip-down.local instead
> LOGDEVICE=$6
> REALDEVICE=$1
> /sbin/ipchains -D input -i $REALDEVICE -j ACCEPT
> /sbin/ipchains -D output -i $REALDEVICE -j ACCEPT
> /sbin/ipchains -D forward -i $REALDEVICE -j ACCEPT
> [ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local $*
> /etc/sysconfig/network-scripts/ifdown-post ifcfg-${LOGDEVICE}
> exit 0
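The forwarding check from the reply above, combined with the route-table observation in the quoted message, as an added example that is not part of the original thread. The function names are hypothetical, the sample files are constructed, and the persistence check assumes the distribution applies /etc/sysctl.conf at boot.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are arguments so the checks
# can be run against the constructed sample files in the demo below.

# True when the runtime switch reads 1.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(tr -d ' \n' < "$f")" = "1" ]
}

# True when the last uncommented net.ipv4.ip_forward line in sysctl.conf is 1.
# Assumption: the distribution applies /etc/sysctl.conf at boot.
forwarding_persistent() {
    conf=${1:-/etc/sysctl.conf}
    [ -r "$conf" ] || return 1
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    [ "$val" = "1" ]
}

# Print "address interface" for each host route (flag H) bound to a ppp device
# in saved `route` output (columns: Dest Gateway Genmask Flags Metric Ref Use Iface).
ppp_peers() {
    awk '$4 ~ /H/ && $NF ~ /^ppp[0-9]+$/ { print $1, $NF }' "$1"
}

# diagnose PROC_FILE SYSCTL_CONF ROUTE_FILE; returns 0 only if every check passes.
diagnose() {
    rc=0
    forwarding_enabled "$1" ||
        { echo "ip_forward is not 1: tunnel traffic stops at this host"; rc=1; }
    forwarding_persistent "$2" ||
        { echo "ip_forward not set to 1 in sysctl.conf: an echo fix is lost at reboot"; rc=1; }
    peers=$(ppp_peers "$3")
    if [ -n "$peers" ]; then echo "tunnel peers: $peers"
    else echo "no host route on a ppp interface: no client is connected"; rc=1; fi
    return $rc
}

# Demo on constructed data: forwarding off, one client on ppp0.
demo=$(mktemp -d)
printf '0\n' > "$demo/ip_forward"
printf '# net.ipv4.ip_forward = 1\n' > "$demo/sysctl.conf"
printf '%s\n' '192.168.0.96 * 255.255.255.255 UH 0 0 0 ppp0' \
              '192.168.0.0  * 255.255.255.0   U  0 0 0 eth0' > "$demo/routes"
diagnose "$demo/ip_forward" "$demo/sysctl.conf" "$demo/routes" || true
rm -rf "$demo"
```

On a live server, save the output of `route` to a file and call `diagnose /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf` with that file as the third argument.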