From: Stephen Touset <stephen@touset.org>
To: Sneppe Filip <Filip.Sneppe@uptime.be>
Cc: netfilter@lists.netfilter.org
Subject: RE: Problems w/ Linux firewall and Windows VPN
Date: Fri, 02 Jan 2004 16:36:41 -0500
Message-ID: <1073079401.728.1.camel@localhost>
In-Reply-To: <E131E9F1848D0148813EAF06A846608F01C677ED@w2ks-e2k.iconos.be>


On Fri, 2004-01-02 at 08:51, Sneppe Filip wrote:
> Hi Stephen,
>
> I am replying privately because I currently have only MS Outlook Web
> Access to my mailbox and hence am replying with html mail. My apologies.
> I don't want to annoy the list with this, so ...

Fair 'nuff ;)
 
> What IP address and subnet mask is your mother getting from the pptp
> server?

She gets an IP in the 10.0.58.0/24 range it seems. I just tried now, and
her IP address was 10.0.58.101, with a subnet mask of 255.255.255.255.

> Are you using dhcp on your local subnet (192.168.0.0/16 or whatever).

Yes.
 
> After a quick peek at the captures, some intriguing things are:
>  
> - the dhcp traffic that needs several attempts on the local network.

Yeah--I'm currently in the process of adding things to the network.
Right now, my firewall is handing out DHCP leases. However, there's an
awkward interaction between iptables and DHCP. I'm not quite sure what's
causing it. Want a copy of my iptables script?

>   It should be interesting to use a static ip address 192.168.1.102 just
>   to test.

I'll try that in a few minutes. Thanks for the suggestion.

> - more intriguing: after the tunnel is set up, after you've renewed your
>   dhcp address 192.168.1.102, your mother's machine repeatedly tries to
>   contact 10.... addresses (dns and kerberos servers), but there is no
>   reply. I assume those are IP addresses from your mother's company's
>   network?

They seem to be.

>   The internal and external capture show that this traffic is not going
>   through the pptp tunnel.

You know, I'd noticed that but no flags had popped up in my head. I
should have realized that that sort of traffic ought to be in the GRE
tunnel.

>   I think this may be the cause to your (mother's) problems.
>   Could this be because your mother's computer is not using the gateway
>   given by the pptp server to route packets to the 10.... network?

You know, that sounds awfully feasible. The tunnel is being connected,
she refreshes the DHCP lease, and then traffic supposed to go through
the tunnel starts going through our gateway rather than her PPTP one.

>   Can you go to the properties of the pptp connection of your mother's
>   machine, then go to the "networking" tab, select "tcp/ip" and click on
>   "properties". Then click on "advanced". There, on the general tab, does
>   it say "use default gateway on remote network"?

It does.
 
>   This setting may be the cause of your problems.

Alright, I'll give that a whirl, too.
 
>   If not, can you give a little more info, like the output from
>   "ipconfig /all" and "route print" when you've established a pptp tunnel.

C:\Documents and Settings\stouset>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : STouset-W2KHT
        Primary DNS Suffix  . . . . . . . : usatlnt.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mapics.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : advlog.com
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) #3
        Physical Address. . . . . . . . . : 00-10-5A-0C-25-E0
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 205.152.37.254
                                            205.152.144.235
        NetBIOS over Tcpip. . . . . . . . : Disabled
        Lease Obtained. . . . . . . . . . : Friday, January 02, 200
3:29:19 PM
        Lease Expires . . . . . . . . . . : Friday, January 02, 200
3:39:19 PM

C:\Documents and Settings\stouset>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0xf000003 ...00 10 5a 0c 25 e0 ...... 3Com EtherLink PCI
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  192.168.1.102       1
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.102  192.168.1.102       1
    192.168.1.102  255.255.255.255        127.0.0.1      127.0.0.1       1
    192.168.1.255  255.255.255.255    192.168.1.102  192.168.1.102       1
        224.0.0.0        224.0.0.0    192.168.1.102  192.168.1.102       1
  255.255.255.255  255.255.255.255    192.168.1.102  192.168.1.102       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\stouset>

> Hope this helps somehow. Either way, the packets going to the 10....
> network via the internet are definitely something wrong you want to have
> fixed...

I appreciate the help. I'm CCing it back to the Debian list, so others
will have a chance to see this.

-- 
Stephen Touset <stephen@touset.org>
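Filip's diagnosis (10.x traffic leaving through the LAN default gateway instead of the PPTP tunnel) can be checked mechanically against a `route print` dump. The script below is an added example and not part of the original thread: it parses the Active Routes table, does the same longest-prefix match the IP stack does, and reports which local interface a destination would exit from. The "tunnel up" table is constructed; the PPP address 10.0.58.101 is from the thread, the rows it adds are assumed.

```python
import ipaddress
import re

# One 'Active Routes' row: destination, netmask, gateway, interface, metric.
IPV4 = r"(\d+(?:\.\d+){3})"
ROUTE_RE = re.compile(r"^\s*" + r"\s+".join([IPV4] * 4) + r"\s+(\d+)\s*$")

# The table from Stephen's `route print`, with the wrapped Metric column rejoined.
ROUTES_BEFORE = """\
          0.0.0.0          0.0.0.0      192.168.1.1  192.168.1.102  1
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.102  192.168.1.102  1
    192.168.1.102  255.255.255.255        127.0.0.1      127.0.0.1  1
    192.168.1.255  255.255.255.255    192.168.1.102  192.168.1.102  1
        224.0.0.0        224.0.0.0    192.168.1.102  192.168.1.102  1
  255.255.255.255  255.255.255.255    192.168.1.102  192.168.1.102  1
"""

# Constructed: the same host with the routes a PPTP adapter at 10.0.58.101
# (the address from the thread) adds once the tunnel is up; rows are assumed.
ROUTES_AFTER = ROUTES_BEFORE + """\
         10.0.0.0        255.0.0.0      10.0.58.101    10.0.58.101  1
      10.0.58.101  255.255.255.255        127.0.0.1      127.0.0.1  1
"""

def parse_routes(text):
    """Parse route-print rows into (network, gateway, interface, metric) tuples."""
    rows = []
    for m in filter(None, map(ROUTE_RE.match, text.splitlines())):
        dest, mask, gw, iface, metric = m.groups()
        rows.append((ipaddress.IPv4Network((dest, mask), strict=False), gw, iface, int(metric)))
    return rows

def lookup(routes, dst):
    """Longest-prefix match, lowest metric on ties: the route the stack would use."""
    addr = ipaddress.IPv4Address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def exit_interface(text, dst):
    """Local interface address a packet for dst would leave from (None if unroutable)."""
    r = lookup(parse_routes(text), dst)
    return r[2] if r else None

def tunnel_bypassed(text, dst, tunnel_if="10.0.58.101"):
    """True when a VPN-side destination would leave via anything but the tunnel."""
    return exit_interface(text, dst) != tunnel_if

if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, "10.0.58.5 exits via", exit_interface(table, "10.0.58.5"))
```

Against the posted table every 10.x destination falls through to the 0.0.0.0/0 route and exits via 192.168.1.102, which is exactly the bypass seen in the captures.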

