[pptp-server] Pptp is working, however something's wrong!

Steve Host shost at intellimec.com
Tue Oct 16 08:14:53 CDT 2001


That's interesting. I originally used -I, and not until I changed it to -A
was I able to actually do anything on the client side (that being telnet to
a local unix server, or view shares inside the network, etc).

ipchains --list
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere              anywhere              any -> 1723
ACCEPT     47   ------  anywhere              anywhere              n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24        anywhere              n/a
ACCEPT     all  ------  192.168.1.0/24        10.99.9.0/24          n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  10.99.9.0/24          anywhere              n/a
ACCEPT     tcp  ------  anywhere              anywhere              1723 -> any
ACCEPT     47   ------  anywhere              anywhere              n/a

These are my rules..

Notice the lack of deny? =) My rules are pretty simple.. I haven't added too
much yet.

I'll reverse the order of my rules and see what happens.



----- Original Message -----
From: "Jerry Vonau" <jvonau at home.com>
To: "Steve Host" <shost at intellimec.com>
Cc: <pptp-server at lists.schulte.org>
Sent: Monday, October 15, 2001 7:51 PM
Subject: Re: [pptp-server] Pptp is working, however something's wrong!


> Steve:
>
> Just a quick thought.. using the -A option with ipchains places it at
> the end of the rules. This line needs to be before any masq lines, or it
> may cause a problem. Connections from the lan would be masq'ed in error
> while connections from ppp are forwarded correctly.
> First match of rules wins.... need to see a little more of your rules.
>
> Jerry Vonau
>
>
>
> Steve Host wrote:
> >
> > Setup: Dialup clients, connecting via PPTP to Linux gateway.
> >
> > Current state: client can ping any internal addresses, it can also
> > browse any computers and retrieve files. Printing over network is no
> > problem. Machines behind firewall on the LAN can not ping the clients
> > assigned IP address, thus they can't reach the client.
> >
> > Client also doesn't see all the machines by default on network
> > neighbourhood (however //<name> works)
> >
> > I'm mostly concerned with the seemingly one way nature of the
> > connection, and looking for possible causes of this.
> >
> > I've set the samba server to act as a WINS server, however only the
> > dialup client is aware of the server. I don't believe this should make
> > a difference.
> >
> > Forwarding rules:
> >
> > /sbin/ipchains -A input -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> > /sbin/ipchains -A input -p 47 -j ACCEPT
> >
> > /sbin/ipchains -A output -p TCP -s 0.0.0.0/0 1723 -j ACCEPT
> > /sbin/ipchains -A output -p 47 -j ACCEPT
> > /sbin/ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> >
> > The last line is because the Client's IP range is 192.168.1.150-160
> > while PCs are in the 192.168.1.20-30 range
> >
> > Thanks, folks.
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --




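Jerry's "first match of rules wins" point, applied to the forward chain from the `ipchains --list` output in this thread, as an added example that is not part of the original messages. It models only source and destination matching; the function names and the sample packet addresses (192.168.1.25, 10.99.9.5, 203.0.113.10) are constructed for illustration.

```python
import ipaddress

# Forward chain as it appears in the `ipchains --list` output in this thread:
# (target, source network, destination network); "anywhere" is 0.0.0.0/0.
LISTED = [
    ("MASQ",   "192.168.1.0/24", "0.0.0.0/0"),
    ("ACCEPT", "192.168.1.0/24", "10.99.9.0/24"),
]
# Same rules with the specific ACCEPT placed ahead of the broad MASQ rule.
REORDERED = [LISTED[1], LISTED[0]]


def _net(cidr):
    return ipaddress.ip_network(cidr)


def first_match(chain, src, dst, policy="ACCEPT"):
    """Return (target, 1-based rule number) of the first rule matching
    src -> dst, or (policy, None) when no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (target, src_net, dst_net) in enumerate(chain, start=1):
        if s in _net(src_net) and d in _net(dst_net):
            return target, number
    return policy, None


def shadowed(chain):
    """Return (rule, shadowing_rule) pairs for rules that can never fire
    because an earlier rule already matches all of their traffic."""
    pairs = []
    for i, (_, src, dst) in enumerate(chain):
        for j, (_, prev_src, prev_dst) in enumerate(chain[:i]):
            if _net(src).subnet_of(_net(prev_src)) and _net(dst).subnet_of(_net(prev_dst)):
                pairs.append((i + 1, j + 1))
                break
    return pairs


if __name__ == "__main__":
    # Constructed sample packets: one toward 10.99.9.0/24, one toward an outside host.
    for name, chain in (("listed", LISTED), ("reordered", REORDERED)):
        for dst in ("10.99.9.5", "203.0.113.10"):
            print(name, "192.168.1.25 ->", dst, first_match(chain, "192.168.1.25", dst))
        print(name, "shadowed rules:", shadowed(chain))
```

In the listed order the ACCEPT rule is reported as shadowed by the MASQ rule, so traffic to 10.99.9.0/24 is masqueraded; with the order reversed, only traffic to other destinations reaches MASQ.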