[pptp-server] can't get through firewall

Jeff Shanholtz jsubs at shanholtz.com
Wed Aug 21 01:53:58 CDT 2002


I've set up poptop, ppp, and my kernel for 128 bit encryption according
to the document. However I can't seem to get through the firewall.
First I tried the "simple" firewall script given in the "2.4 Kernel
Howto (Robert)" document with no luck, and since that script doesn't set
up any reject logging, I then tried the "complete" firewall script he
mentions (http://home.swbell.net/berzerke). I still can't connect, but
now I'm getting some log information which has me a little puzzled.

Aug 20 23:30:09 antishane kernel: Input packet droppedIN=eth1 OUT=
MAC=00:20:af:a3:ea:67:00:80:48:db:39:80:08:00 SRC=4.18.238.25
DST=4.18.238.26 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6479 DF PROTO=TCP
SPT=4725 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0

The first line of the pptpd section should cause that packet to be
allowed as far as I can tell. Can someone point out the problem? $EXTINT
is set to "eth1" and $PUBLICPORTS is set to "1024:65535".

#Allow pptpd connections (port 1723)
/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
        --sport $PUBLICPORTS --dport 1723 -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT  -i $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT  -i ppp+ \
        -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp+ \
        -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -p 47 \
        -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -p 47 \
        -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j LOG --log-level info \
        --log-prefix "PreNat logging after pptpd."
#Rules to allow surfing
/sbin/iptables -A FORWARD -i ppp+ -o $EXTINT -s $LOCALNETWORK \
        -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i $EXTINT -d $LOCALNETWORK \
        -j ACCEPT
echo "PPTPD allowed"
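Added example (not part of the original post or of the poptop/berzerke scripts): a small Python check that parses the quoted iptables LOG line and walks a simplified model of the quoted rules. The log prefix ("Input packet dropped", printed with no separator before "IN=") identifies the filter table's INPUT chain as the place where the SYN to TCP/1723 died, and the model only consults filter/INPUT, because an ACCEPT in nat/PREROUTING ends NAT processing for a packet but does not exempt it from the filter table. The rule set is a hand-built abstraction (no connection tracking, no default policy), and `MISSING_INPUT_RULE` is a hypothetical filter/INPUT rule for TCP/1723 that the posted section does not contain; the sample log line is the one from the post, rejoined onto a single line.

```python
import re

# Sample input: the log line quoted in the post, rejoined onto one line
# (the list archive wrapped it). Constructed for this example.
SAMPLE_LOG = (
    "Aug 20 23:30:09 antishane kernel: Input packet droppedIN=eth1 OUT= "
    "MAC=00:20:af:a3:ea:67:00:80:48:db:39:80:08:00 SRC=4.18.238.25 "
    "DST=4.18.238.26 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6479 DF PROTO=TCP "
    "SPT=4725 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0"
)

KV_RE = re.compile(r"(\w+)=(\S*)")
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}


def parse_iptables_log(line):
    """Split an iptables LOG line into its --log-prefix, KEY=VALUE fields and
    bare flag tokens. The prefix is everything between 'kernel: ' and 'IN='
    (the kernel prints no separator, hence 'droppedIN=' in the post)."""
    m = re.search(r"kernel: (.*?)IN=", line)
    prefix = m.group(1).strip() if m else ""
    body = line[m.end() - 3:] if m else line  # start at 'IN='
    fields = dict(KV_RE.findall(body))        # OUT= yields an empty value
    flags = {tok for tok in body.split() if tok in FLAG_TOKENS}
    return {"prefix": prefix, "fields": fields, "flags": flags}


def classify_pptp(fields):
    """Name the PPTP component a logged packet belongs to."""
    if fields.get("PROTO") == "TCP" and fields.get("DPT") == "1723":
        return "pptp-control"  # TCP/1723 control channel
    if fields.get("PROTO") == "47":
        return "gre"           # GRE carries the tunnelled PPP frames
    return "other"


# Simplified model of the two quoted rules that could match an inbound
# TCP/1723 packet on eth1: table, chain and the match options that matter.
POSTED_RULES = [
    {"table": "nat", "chain": "PREROUTING", "iface": "eth1", "proto": "TCP",
     "sport": (1024, 65535), "dport": "1723"},
    {"table": "filter", "chain": "INPUT", "iface": "eth1", "proto": "47"},
]

# Hypothetical filter/INPUT rule for the control channel; it is NOT in the
# posted script and is modelled here only to show the difference it makes.
MISSING_INPUT_RULE = {"table": "filter", "chain": "INPUT", "iface": "eth1",
                      "proto": "TCP", "dport": "1723"}


def _rule_matches(rule, fields):
    """Compare a modelled rule's match options against parsed log fields."""
    if rule.get("iface") and rule["iface"] != fields.get("IN"):
        return False
    if rule.get("proto") and rule["proto"] != fields.get("PROTO"):
        return False
    if rule.get("dport") and rule["dport"] != fields.get("DPT"):
        return False
    if "sport" in rule:
        lo, hi = rule["sport"]
        if not (lo <= int(fields.get("SPT", -1)) <= hi):
            return False
    return True


def filter_input_accepts(rules, fields):
    """Walk only filter/INPUT. An ACCEPT in nat/PREROUTING merely ends NAT
    processing for the packet; it still has to pass filter/INPUT, so rules
    in other tables are skipped here on purpose."""
    return any(
        r["table"] == "filter" and r["chain"] == "INPUT"
        and _rule_matches(r, fields)
        for r in rules
    )


if __name__ == "__main__":
    parsed = parse_iptables_log(SAMPLE_LOG)
    print(parsed["prefix"], classify_pptp(parsed["fields"]),
          sorted(parsed["flags"]))
    print("posted rules accept:",
          filter_input_accepts(POSTED_RULES, parsed["fields"]))
    print("with INPUT rule    :",
          filter_input_accepts(POSTED_RULES + [MISSING_INPUT_RULE],
                               parsed["fields"]))
```

The source-port check is modelled too, so the example also shows that SPT=4725 does fall inside 1024:65535; the sport range is not what stops the packet in the model, only the table the ACCEPT lives in.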