[pptp-server] Martian packets and NetBIOS problems

Joe Polcari Joe at Polcari.com
Thu Oct 25 00:01:16 CDT 2001


Could someone translate this to iptables - I haven't been successful at doing
so myself.

Thanks, Joe

Matt Gavin wrote:

------8<--------

>
> As for Ipchains, someone posted this earlier in the week:
>
> # IP network address of the PPTP network
> PPTPLAN="192.168.0.245/32"
> PPTPIF="ppp+"
>
> # IP network address of the internal network
> INTLAN="192.168.0.0/24"
> INTIF="eth0"
>
> EXTIF="eth1"
>
> UNIVERSE="0.0.0.0/0"
>
> BROADCAST="255.255.255.255"
>
> SECUREHOST=<snip... I only connect to my server from one IP address -
> use UNIVERSE instead if you want it wide open>
>
> # PPTP traffic
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP 1723
> /sbin/ipchains -A input -p 47 -j ACCEPT
>
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST 1723 -d $UNIVERSE
> /sbin/ipchains -A output -p 47 -j ACCEPT
>
> # PPTP: need to allow all incoming traffic on PPTPIF
> /sbin/ipchains -A input -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT
>
> # PPTP: need to allow all outgoing traffic on PPTPIF
> /sbin/ipchains -A output -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # Enable TCP/IP forwarding between the PPTP network and the Internal LAN
> /sbin/ipchains -A forward -i $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
> /sbin/ipchains -A forward -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # DHCP traffic
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p udp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p tcp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
>
> # ICMP traffic (ping)
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p icmp -s $UNIVERSE -d $EXTIP

-----------8<------------
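
An iptables rendering of the quoted ipchains rules, added here as an example; it is not part of the original post or thread. The `EXTIP` and `SECUREHOST` values are constructed placeholders (the post leaves one undefined and snips the other), `pptp_rules` is a hypothetical helper name, and the comments mark the two places where the rules deliberately differ from a word-for-word translation.

```shell
#!/bin/sh
# Added example: prints iptables equivalents of the quoted ipchains rules.
PPTPLAN="192.168.0.245/32"; PPTPIF="ppp+"
INTLAN="192.168.0.0/24";    INTIF="eth0"
EXTIF="eth1"
# Constructed placeholders: the post never sets EXTIP and snips SECUREHOST.
EXTIP="192.0.2.1"
SECUREHOST="198.51.100.7"

# pptp_rules (hypothetical helper) writes the commands to stdout for review.
pptp_rules() {
    cat <<EOF
# PPTP control channel: ports move from "addr port" to --sport/--dport
iptables -A INPUT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP --dport 1723 -j ACCEPT
# Replies leave from the server address, so this uses EXTIP as source (assumption;
# the original matched -s SECUREHOST). On OUTPUT the interface flag is -o, not -i.
iptables -A OUTPUT -o $EXTIF -p tcp -s $EXTIP --sport 1723 -d $SECUREHOST -j ACCEPT
# GRE (IP protocol 47) carries the tunnelled data
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
# Tunnel traffic addressed to or sent by the server itself
iptables -A INPUT -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT
iptables -A OUTPUT -o $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
# Routed traffic: iptables sends it through FORWARD only, never INPUT/OUTPUT.
# ipchains' forward "-i" named the outgoing interface; here both ends are given.
iptables -A FORWARD -i $PPTPIF -o $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
iptables -A FORWARD -i $INTIF -o $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
# DHCP is UDP only (client 68 -> server 67); the tcp twin is dropped, and the
# original's /0 mask on the broadcast address matched any destination anyway.
iptables -A INPUT -i $PPTPIF -p udp --sport 68 --dport 67 -j ACCEPT
# ICMP (ping) from tunnel clients to the server
iptables -A INPUT -i $PPTPIF -p icmp -d $EXTIP -j ACCEPT
EOF
}

pptp_rules
```

Review the printed commands first; piping the output to `sh` as root loads them.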



