Multiple VPN Masquerading Works !! Thanks Everyone !

Multiple VPN Masquerading Works !! Thanks Everyone !

[Rommy Taslim]

Hi All,

I just want to thank you all for the time and help to get my multiple
vpn masquerading works.

Thanks to Harald Welte, Rob Sterenborg, Stewart Thompson, hard_ware
(till now I don't really know your name, sorry), and anyone else that I
forgot to mention here (sorry about that) but have been helpfull for me.

Turns out my problem was because my routing isn't right. The pptp server
should have a default gateway to the netfilter box (like hard_ware
said), and also in my iptables rules I need to set the default rules to
DROP for INPUT and OUTPUT. I guess it won't work if we have ACCEPT for
all INPUT and OUTPUT when we try to do DNAT (correct me if I'm wrong).

Well, that what I think. Sorry if I still got this all wrong. But the
main thing is my multiple vpn masquerading works fine now. Once again,
thanks to all of you guys that have spared some times to help me out. I
really appreciate it.

Regards,
Rommy

RE: Multiple VPN Masquerading Works !! Thanks Everyone !

[Stewart Thompson]

Rommy:

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Rommy Taslim
Sent: September 8, 2002 6:01 PM
To: netfilter@lists.netfilter.org
Subject: Multiple VPN Masquerading Works !! Thanks Everyone !

Hi All,

I just want to thank you all for the time and help to get my multiple
vpn masquerading works.

Thanks to Harald Welte, Rob Sterenborg, Stewart Thompson, hard_ware
(till now I don't really know your name, sorry), and anyone else that I
forgot to mention here (sorry about that) but have been helpfull for me.

Turns out my problem was because my routing isn't right. The pptp server
should have a default gateway to the netfilter box (like hard_ware
said), and also in my iptables rules I need to set the default rules to
DROP for INPUT and OUTPUT. I guess it won't work if we have ACCEPT for
all INPUT and OUTPUT when we try to do DNAT (correct me if I'm wrong).

Stu-This won't prevent things from working as long as you aren't trying to
forward and use the same ports on the Firewall Machine. Things won't
quite work the way you expect. Using the Drop Policy is just good
security. However, it is jut one facet of security. Disabling unused
functions, your hosts and access files etc are all part of it.

Well, that what I think. Sorry if I still got this all wrong. But the
main thing is my multiple vpn masquerading works fine now. Once again,
thanks to all of you guys that have spared some times to help me out. I
really appreciate it.
Glad to hear you got things straitened out.

Stu........



Regards,
Rommy

RE: Multiple VPN Masquerading Works !! Thanks Everyone !

[Rob Sterenborg]

[-- Attachment #1: Type: text/plain, Size: 806 bytes --]

> Turns out my problem was because my routing isn't right. The 
> pptp server
> should have a default gateway to the netfilter box (like hard_ware
Actually I forgot about that one, but yes... That's right.

> said), and also in my iptables rules I need to set the 
> default rules to
> DROP for INPUT and OUTPUT. I guess it won't work if we have ACCEPT for
> all INPUT and OUTPUT when we try to do DNAT (correct me if I'm wrong).
> 
What broke things for me once was :
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
Thought I was being smart, but I had asymetric routing :o)

Don't know about the default policy. I think it should also work with
ACCECT, but you don't want that anyway if DROP works.

But ehm.. You tried 2 pptp patches : from pom and from impsec.org
Which one have you got working ?


Rob

[-- Attachment #2: Type: text/html, Size: 1590 bytes --]

Re: Multiple VPN Masquerading Works !! Thanks Everyone !

[Roy Sigurd Karlsbakk]

> But ehm.. You tried 2 pptp patches : from pom and from impsec.org
> Which one have you got working ?

and - what kernel version did you use?
-- 
Roy Sigurd Karlsbakk, Datavaktmester
ProntoTV AS - http://www.pronto.tv/
Tel: +47 9801 3356

Computers are like air conditioners.
They stop working when you open Windows.

RE: Multiple VPN Masquerading Works !! Thanks Everyone !

[Rommy Taslim]

> > But ehm.. You tried 2 pptp patches : from pom and from impsec.org
> > Which one have you got working ?

> and - what kernel version did you use?

I got it working with the one from pom 020825 with iptables 1.2.7a and
kernel 2.4.19. I haven't try the one from impsec.org though.. Maybe I'll
try that in the future... maybe.. :)

Rommy