[pptp-server] ppp-filtering - Ready to smash this thing! lol.
Dread Boy
dreadboy at hotmail.com
Wed Mar 7 03:44:24 CST 2001
Thx for the advice. Will try again tomorrow.
It looks like it makes sense. I would never have thought that one would
have to forward packets along the same interface since Samba doesn't require
this to see other machines locally.
I figured that as soon as you acquire a localip address and since the
machine name shows up in NetHood that you were into the LAN. Also, what
confused me was that the pptpd server was ok to access.
Thx.
>From: Jerry Vonau <jvonau at home.com>
>To: Dread Boy <dreadboy at hotmail.com>
>Subject: Re: [pptp-server] ppp-filtering - Ready to smash this thing! lol.
>Date: Wed, 07 Mar 2001 03:31:51 -0600
>
>Craig:
>
>try:
>
>ipchains -I input -i $REALDEVICE -j ACCEPT
>ipchains -I output -i $REALDEVICE -j ACCEPT
>ipchains -I forward -i $REALDEVICE -j ACCEPT
>ipchains -I forward -i eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
>
>reverse them in the down file.
>
>
>To grab some quick debug logging, to the bottom of your rc.firewall add:
>ipchains -A input -j DENY -l
>ipchains -A output -j DENY -l
>ipchains -A forward -j DENY -l
>
>This will cause all the deny hits to be recorded in /var/log/messages
>
>
>Jerry
>
>
>Dread Boy wrote:
>
> > So, Jerry, should I be using the following 5 lines in ip-up?
> >
> > ipchains -I input -i $REALDEVICE -j ACCEPT
> > ipchains -I output -i $REALDEVICE -j ACCEPT
> > ipchains -I forward -i $REALDEVICE -j MASQ
> > ipchains -I forward -i $intif -s $intnet -d $intnet -j ACCEPT
> > ipchains -I forward -i $extif -s $intnet -d $any -j MASQ
> >
> > (And of course -D inverse rules for ip-down?)
> >
> > Right now in /etc/ppp/ip-up I have:
> >
> > ipchains -A input -i $REALDEVICE -j ACCEPT
> > ipchains -A output -i $REALDEVICE -j ACCEPT
> > ipchains -A forward -i $REALDEVICE -j MASQ
> >
> > Also, you say I should only have one single localip instead of a matching
> > number of entries for the remoteip range?
> >
> > Thx. Craig. =)
> >
>
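Added example, not part of the original thread or of the pptp-server project: a small shell/awk filter that tallies the deny hits which the logging rules in Jerry's reply write to /var/log/messages, grouped by chain and interface, so you can see which chain is dropping the PPTP client's traffic. It assumes the kernel's "Packet log:" line format described in the IPCHAINS-HOWTO; the host name, addresses and log lines in sample_log are constructed.

```shell
#!/bin/sh
# Added example: summarise ipchains "-l" deny hits from syslog.
# Assumed format (IPCHAINS-HOWTO):
#   ... kernel: Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> L=...

summarize_denies() {
    # Reads the files given as arguments, or stdin if none.
    # Prints "<hits> <chain> <iface> proto=<n> <src> -> <dst>:<dport>", busiest first.
    awk '
    /Packet log: / {
        # Find the "Packet log:" marker; syslog prefix length can vary.
        for (i = 2; i <= NF; i++)
            if ($i == "log:" && $(i-1) == "Packet") break
        if (i > NF) next
        chain = $(i+1); target = $(i+2); iface = $(i+3)
        if (target != "DENY") next            # ignore logged ACCEPT rules
        proto = $(i+4); sub(/^PROTO=/, "", proto)
        src = $(i+5); dst = $(i+6)
        sub(/:[0-9]+$/, "", src)              # source port is ephemeral, drop it
        hits[chain " " iface " proto=" proto " " src " -> " dst]++
    }
    END { for (k in hits) printf "%d %s\n", hits[k], k }
    ' "$@" | sort -rn -k1,1
}

# Constructed sample: a PPTP client (192.168.0.201) trying NetBIOS on the LAN.
sample_log() {
    cat <<'EOF'
Mar  7 03:50:01 gw kernel: Packet log: forward DENY eth0 PROTO=17 192.168.0.201:137 192.168.0.255:137 L=78 S=0x00 I=4211 F=0x0000 T=127 (#1)
Mar  7 03:50:02 gw kernel: Packet log: forward DENY eth0 PROTO=17 192.168.0.201:137 192.168.0.255:137 L=78 S=0x00 I=4212 F=0x0000 T=127 (#1)
Mar  7 03:50:03 gw pppd[412]: local  IP address 192.168.0.1
Mar  7 03:50:05 gw kernel: Packet log: forward DENY eth0 PROTO=6 192.168.0.201:1045 192.168.0.10:139 L=48 S=0x00 I=4300 F=0x4000 T=127 SYN (#1)
Mar  7 03:50:06 gw kernel: Packet log: input ACCEPT ppp0 PROTO=6 192.168.0.201:1046 192.168.0.1:23 L=48 S=0x00 I=4301 F=0x4000 T=128 SYN (#2)
EOF
}

# Demo on the constructed sample; on a real box: summarize_denies /var/log/messages
sample_log | summarize_denies
```

Hits on the forward chain for eth0 with both addresses inside the LAN range are the packets the fourth rule in Jerry's list is meant to accept.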