[pmfirewall] looking for help with pptp through ipchains


From: Alan Chung (alan@silveregg.co.jp)
Date: Thu Sep 28 2000 - 19:59:12 PDT


Hi, everyone,

I am really hoping someone can help me with this problem about ipchains.
Hi,

I hope someone out there can help me with this.

I have a pptp server behind an ipchains Linux firewall. The following is my
setup:

210.12.130.172 --> internal pptp server's external IP (an IP alias on firewall)
210.12.130.0/24 --> network/mask of firewall
192.168.0.5 --> internal pptp server's internal IP

# port forwarding for 1723
ipmasqadm portfw -a -P tcp -L 210.12.130.172 1723 -R 192.168.0.5 1723

# redirect protocol 47
/usr/local/sbin/ipfwd --masq --syslog 192.168.0.5 47 &

# ipchains part for VPN
$IPCHAINS -A input -p tcp -s 0/0 -d 210.12.130.0/24 1723 -j ACCEPT
$IPCHAINS -A input -p 47 -s 0/0 -d 210.12.130.0/24 -j ACCEPT

$IPCHAINS -A output -p tcp -s 210.12.130.0/24 -d 0/0 1723 -j ACCEPT
$IPCHAINS -A output -p 47 -s 210.12.130.0/24 -d 0/0 -j ACCEPT

$IPCHAINS -A forward -p tcp -s 192.168.0.5/24 -d 210.12.130.172/24 1723 -j MASQ
$IPCHAINS -A forward -p 47 -s 192.168.0.5/24 -d 210.12.130.172/24 -j MASQ

I have patched ip_vpn_masq and compiled my kernel 2.2.14 already and
everything looks just fine for me. When I tried to connect to the internal
pptp server from outside through the ipchains box, it seems that the connection
was built (tail -f /var/log/messages on pptp server) but got a 650 error,
which means 47 and 1723 are not going through properly. Does anyone have a
similar experience?

Looking for help, and any feedback is appreciated.

Alan
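
Added example, not part of the original post: a small Python check that reads the six ipchains rules quoted above and reports which networks their address/mask arguments actually match, since the mask is applied to the address and any host bits are ignored. The function names (parse_rule, effective_net, lint) are hypothetical helpers written for this illustration.

```python
import ipaddress
import shlex

# Rules copied from the post above ($IPCHAINS left unexpanded).
RULES = """\
$IPCHAINS -A input -p tcp -s 0/0 -d 210.12.130.0/24 1723 -j ACCEPT
$IPCHAINS -A input -p 47 -s 0/0 -d 210.12.130.0/24 -j ACCEPT
$IPCHAINS -A output -p tcp -s 210.12.130.0/24 -d 0/0 1723 -j ACCEPT
$IPCHAINS -A output -p 47 -s 210.12.130.0/24 -d 0/0 -j ACCEPT
$IPCHAINS -A forward -p tcp -s 192.168.0.5/24 -d 210.12.130.172/24 1723 -j MASQ
$IPCHAINS -A forward -p 47 -s 192.168.0.5/24 -d 210.12.130.172/24 -j MASQ
"""

FLAGS = {"-A": "chain", "-p": "proto", "-s": "src", "-d": "dst", "-j": "target"}

def parse_rule(line):
    """Pull chain, protocol, source, destination and target out of one rule."""
    tok = shlex.split(line)
    rule = dict.fromkeys(FLAGS.values())
    for i, t in enumerate(tok[:-1]):
        if t in FLAGS:
            rule[FLAGS[t]] = tok[i + 1]
    return rule

def effective_net(spec):
    """Return (network the spec matches, True if host bits were set)."""
    if spec == "0/0":                      # ipchains shorthand for "anywhere"
        spec = "0.0.0.0/0"
    iface = ipaddress.ip_interface(spec)
    return iface.network, iface.ip != iface.network.network_address

def lint(rules_text):
    """List every address written as host/mask that matches a whole network."""
    findings = []
    for line in rules_text.splitlines():
        if " -A " not in line:
            continue
        rule = parse_rule(line)
        for side in ("src", "dst"):
            net, host_bits = effective_net(rule[side])
            if host_bits:
                findings.append((rule["chain"], rule["proto"], side,
                                 rule[side], str(net)))
    return findings

if __name__ == "__main__":
    for chain, proto, side, written, matched in lint(RULES):
        print(f"{chain} -p {proto}: {side} {written} matches all of {matched}")
```

A /32 mask is what restricts a rule to the single host 192.168.0.5 or 210.12.130.172.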

This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:36:37 PDT