[pptp-server] Pptp is working, however something's wrong!

Steve Host shost at intellimec.com
Tue Oct 16 10:31:24 CDT 2001


Here's my rules:
Chain input (policy ACCEPT):
num  target     prot opt     source                destination           ports
1    ACCEPT     tcp  ------  0.0.0.0/0             0.0.0.0/0             * ->   1723
2    ACCEPT     47   ------  0.0.0.0/0             0.0.0.0/0             n/a
Chain forward (policy ACCEPT):
num  target     prot opt     source                destination           ports
1    MASQ       all  ------  192.168.1.0/24        0.0.0.0/0             n/a
2    ACCEPT     all  ------  192.168.1.0/24        192.168.1.0/24        n/a
Chain output (policy ACCEPT):
num  target     prot opt     source                destination           ports
1    ACCEPT     all  ------  10.99.9.0/24          0.0.0.0/0             n/a
2    ACCEPT     tcp  ------  0.0.0.0/0             0.0.0.0/0             1723 ->   *
3    ACCEPT     47   ------  0.0.0.0/0             0.0.0.0/0             n/a

I've re-arranged the chain forward MASQ rule to be first and second in that
chain, and with MASQ FIRST my clients can ping any host in the internal
network. When I put MASQ second in the chain, the client cannot ping any hosts.

Internally I can't ping the client from the LAN with either arrangement of the
masq chain forward rule.

Note I've tried to delete rule 1 of the output chain; it won't delete it. It
should be irrelevant anyway.

----- Original Message -----
From: "Jerry Vonau" <jvonau at home.com>
To: "Steve Host" <shost at intellimec.com>
Cc: <pptp-server at lists.schulte.org>
Sent: Monday, October 15, 2001 7:51 PM
Subject: Re: [pptp-server] Pptp is working, however something's wrong!


> Steve:
>
> Just a quick thought.. using the -A option with ipchains places it at
> the end of the rules.
> This line needs to be before any masq lines, or it may cause a problem.
> Connections from the lan would be masq'ed in error while connections from
> ppp are forwarded correctly.
> First match of rules wins.... need to see a little more of your rules.
>
> Jerry Vonau
>
>
>
> Steve Host wrote:
> >
> > Setup: Dialup clients, connecting via PPTP to Linux gateway.
> >
> > Current state: client can ping any internal addresses, it can also
> > browse any computers and retrieve files. Printing over network is no
> > problem. Machines behind firewall on the LAN can not ping the clients
> > assigned IP address, thus they can't reach the client.
> >
> > Client also doesn't see all the machines by default on network
> > neighbourhood (however //<name> works)
> >
> > I'm mostly concerned with the seemingly one way nature of the
> > connection, and looking for possible causes of this.
> >
> > I've set the samba server to act as a WINS server, however only the
> > dialup client is aware of the server. I don't believe this should make
> > a difference.
> >
> > Forwarding rules:
> >
> > /sbin/ipchains -A input -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> > /sbin/ipchains -A input -p 47 -j ACCEPT
> >
> > /sbin/ipchains -A output -p TCP -s 0.0.0.0/0 1723 -j ACCEPT
> > /sbin/ipchains -A output -p 47 -j ACCEPT
> > /sbin/ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> >
> > The last line is because the Client's IP range is 192.168.1.150-160
> > while PCs are in the 192.168.1.20-30 range
> >
> > Thanks, folks.
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
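
The "first match of rules wins" behaviour discussed in this thread, modelled as an added example (not code from either poster): a small first-match evaluator run over the two forward-chain rules from the listing, in both orders. It matches on source and destination only; interfaces and protocols are not modelled, and the host addresses are constructed from the ranges given in the thread (203.0.113.5 is a constructed outside address).

```python
import ipaddress

# Forward-chain rules from the thread: (target, source, destination).
MASQ_RULE = ("MASQ", "192.168.1.0/24", "0.0.0.0/0")
ACCEPT_RULE = ("ACCEPT", "192.168.1.0/24", "192.168.1.0/24")


def first_match(chain, src, dst, policy="ACCEPT"):
    """Return (rule_number, target) of the first rule matching the packet,
    or (None, policy) when no rule matches and the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, (target, rsrc, rdst) in enumerate(chain, start=1):
        if s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst):
            return num, target
    return None, policy


def shadowed_rules(chain):
    """Rule numbers that can never fire because an earlier rule already
    covers every source/destination pair they would match."""
    nets = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for _, s, d in chain]
    shadowed = []
    for i, (s, d) in enumerate(nets):
        if any(s.subnet_of(ps) and d.subnet_of(pd) for ps, pd in nets[:i]):
            shadowed.append(i + 1)
    return shadowed


# Constructed sample packets: LAN PC -> PPTP client, and LAN PC -> outside host.
LAN_TO_CLIENT = ("192.168.1.20", "192.168.1.150")
LAN_TO_OUTSIDE = ("192.168.1.20", "203.0.113.5")

MASQ_FIRST = [MASQ_RULE, ACCEPT_RULE]    # order shown in the listing
ACCEPT_FIRST = [ACCEPT_RULE, MASQ_RULE]  # same rules, swapped

if __name__ == "__main__":
    for name, chain in (("MASQ first", MASQ_FIRST), ("ACCEPT first", ACCEPT_FIRST)):
        print(name)
        print("  LAN -> client :", first_match(chain, *LAN_TO_CLIENT))
        print("  LAN -> outside:", first_match(chain, *LAN_TO_OUTSIDE))
        print("  shadowed rules:", shadowed_rules(chain))
```

With MASQ listed first, the intra-subnet ACCEPT rule is fully shadowed and never evaluated; with ACCEPT first, both rules remain reachable.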



