[pptp-server] Martian packets and NetBIOS problems

robert berzerke at swbell.net
Thu Oct 25 09:00:56 CDT 2001


There is a pptpd-enabled sample iptables firewall at
http://home.swbell.net/berzerke

On Thursday 25 October 2001 12:01 am, Joe Polcari wrote:
> Could someone translate this to iptables - I haven't been successful at
> doing so myself.
>
> Thanks, Joe
>
> Matt Gavin wrote:
>
> ------8<--------
>
> > As for Ipchains, someone posted this earlier in the week:
> >
> > # IP network address of the PPTP network
> > PPTPLAN="192.168.0.245/32"
> > PPTPIF="ppp+"
> >
> > # IP network address of the internal network
> > INTLAN="192.168.0.0/24"
> > INTIF="eth0"
> >
> > EXTIF="eth1"
> >
> > UNIVERSE="0.0.0.0/0"
> >
> > BROADCAST="255.255.255.255"
> >
> > SECUREHOST=<snip... I only connect to my server from one IP address -
> > use UNIVERSE instead if you want it wide open>
> >
> > # PPTP traffic
> > /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP 1723
> > /sbin/ipchains -A input -p 47 -j ACCEPT
> >
> > /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST 1723 -d $UNIVERSE
> > /sbin/ipchains -A output -p 47 -j ACCEPT
> >
> > # PPTP: need to allow all incoming traffic on PPTPIF
> > /sbin/ipchains -A input -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT
> >
> > # PPTP: need to allow all outgoing traffic on PPTPIF
> > /sbin/ipchains -A output -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
> >
> > # Enable TCP/IP forwarding between the PPTP network and the Internal LAN
> > /sbin/ipchains -A forward -i $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
> > /sbin/ipchains -A forward -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
> >
> > # DHCP traffic
> > /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p udp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
> > /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p tcp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
> >
> > # ICMP traffic (ping)
> > /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p icmp -s $UNIVERSE -d $EXTIP
>
> -----------8<------------
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
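
An iptables rendering of the quoted ipchains rules, added here as an example; it is not the ruleset from the linked page or from any poster in this thread. EXTIP and SECUREHOST are constructed placeholder addresses (the thread never gives them), and a default-DROP policy set elsewhere is assumed.

```shell
#!/bin/sh
# Added example: emits the quoted ipchains rules in iptables-restore format.
# Values taken from the thread:
PPTPLAN="192.168.0.245/32"; PPTPIF="ppp+"
INTLAN="192.168.0.0/24";    INTIF="eth0"
EXTIF="eth1"
# Constructed placeholders (documentation addresses, not from the thread):
EXTIP="203.0.113.10"        # server's external address
SECUREHOST="198.51.100.7"   # the single permitted client; 0.0.0.0/0 = wide open

pptp_rules() {
cat <<EOF
*filter
# PPTP control channel (tcp/1723) and GRE tunnel (IP protocol 47).
# The ipchains version accepted protocol 47 from any source on any
# interface; here it is limited to the same peer as the control channel.
-A INPUT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP --dport 1723 -j ACCEPT
-A INPUT -i $EXTIF -p 47 -s $SECUREHOST -d $EXTIP -j ACCEPT
# ipchains "-i" on the output chain named the outgoing interface: iptables "-o".
-A OUTPUT -o $EXTIF -p tcp -s $EXTIP --sport 1723 -d $SECUREHOST -j ACCEPT
-A OUTPUT -o $EXTIF -p 47 -s $EXTIP -d $SECUREHOST -j ACCEPT
# Tunnel <-> LAN. ipchains ran forwarded packets through input, forward and
# output; iptables sends them through FORWARD only, so the ppp+ input/output
# rules collapse into these two. Traffic addressed to the server's own LAN
# address would need a matching INPUT rule instead.
-A FORWARD -i $PPTPIF -o $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
-A FORWARD -i $INTIF -o $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
# DHCP from tunnel clients (bootpc=68 -> bootps=67). DHCP is UDP only, so the
# tcp twin of this rule in the ipchains version is not carried over.
-A INPUT -i $PPTPIF -p udp --sport 68 --dport 67 -j ACCEPT
# ICMP echo (ping) from tunnel clients to the external address.
-A INPUT -i $PPTPIF -p icmp --icmp-type echo-request -d $EXTIP -j ACCEPT
COMMIT
EOF
}
```

To load the rules without flushing existing ones, run `pptp_rules | iptables-restore --noflush` as root.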


