[pptp-server] strange packets rejected by my firewall

Jerry Vonau jvonau at home.com
Sun Oct 21 19:25:06 CDT 2001


Jeff Shanholtz wrote:
> Jerry, you forgot to reply to the list, so I'm bringing this back
> on-list.
> The client (my work computer) is XP and it only has one nic, but it just
> occurred to me when I started this reply that the client runs VMware, so
> perhaps one or both of the addresses I mentioned are coming from it's
> virtual nic(s). My work's subnet is, so it must be VMware.
> I'll have to check to see what IP's are involved with Vmware tomorrow
> when I'm at work. I'll post back to the list when I find out...

That makes sense to me.

> BTW, to answer your questions, my vpn server isn't assigning a gateway
> to the client, so that shouldn't be an issue.

That does not prevent the "use default gateway on remote" from being
in the advance properties on the client. That routes all traffic up the

> And here are the relevant
> logs from ipchains (eth0 is my internal card and is the
> address assigned to the vpn client). I don't see much relevance to
> detailing my firewall rules because my problem isn't in configuring my
> firewall (I could easily enable this traffic if necessary), plus there
> are just too many rules (it's based on David Ranch's TrinityOS script).

I like David Ranch's stuff, used alot of his examples, except that I
the rules by services required instead of input output. Makes for an
read when you haven't looked at it for a few months. Just my preference.

Why I was asking about the firewall script because that traffic should
rejected at the ppp interface, the internal nic should not even see that
traffic. If your doing something like:

/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0 

then all the traffic is allowed to pass. I use:

/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s $INTLAN -d $INTLAN

just the lan traffic is allowed to pass, and the rejects are tied to the 
ppp interface involved. Just my thoughts..

Jerry Vonau

More information about the pptp-server mailing list