PPTP and IPTABLES

I have setup the PPTP server successfully. However, I got problems in
touching the external network.

Network Class: 192.168.1.0/24
eth0 for internet and intranet
ppp+ for PPPD use

here is the iptables below:

iptables -F
iptables -t nat -F

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward


# Enable Masquerading to allow LAN internet access
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j DROP

# Internal Network
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -d 192.168.1.0/24 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Pop3
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# Newsd
iptables -A INPUT -p tcp -m tcp --dport 119 -j ACCEPT
#
# Samba Config
#
iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 --dport
139 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 192.168.1.0/255.255.255.0 --dport
137 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 192.168.1.0/255.255.255.0 --dport
138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 --dport
445 -j ACCEPT
# IMAP
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# PPTPD
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

# DNS Server can touch me
iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 0:1023 -j DROP
iptables -A INPUT -p udp -m udp --dport 0:1023 -j DROP

iptables -A FORWARD -j DROP


Can anyone help me?

I am able to connect to the PPTP server using Windows XP machine, and I
am able to touch the internal network (192.168.1.0).
I have installed ethreal and here is the log:
1 0.0 192.168.1.240 209.171.52.99 TCP 2628 > http [SYN] Seq=0
Len=0 MSS=1360


It seems that the syn packet cannot be forwarded to the targted HTTP
server.


Thanks,
Marquis

On Wed, 03 May 2006 09:19:38 -0700, Marquis wrote:

> I have setup the PPTP server successfully. However, I got problems in
> touching the external network.
>
> iptables -A FORWARD -j DROP
>
> Can anyone help me?
>
> I am able to connect to the PPTP server using Windows XP machine, and I
> am able to touch the internal network (192.168.1.0).
> I have installed ethreal and here is the log:
> 1 0.0 192.168.1.240 209.171.52.99 TCP 2628 > http [SYN] Seq=0
> Len=0 MSS=1360
>
>
> It seems that the syn packet cannot be forwarded to the targted HTTP
> server.

If this box is going to be used as a gateway only box then you are going
to have to change the 'INPUT' to 'FORWARD' The last line isn't forwarding
anything thus you are not getting past the first interface that you are
connected to.

If this box is also going to be used then you will need to add 'FORWARD'
statements as needed to get out to the services you want to get to.


--

Regards
Robert

Smile... it increases your face value!


----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----