From: netfilter@tommi.org
To: Justin Kay <jkay@nwrecc.org>
Cc: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
Subject: Re: iptables and Poptop
Date: Mon, 9 Dec 2002 20:04:35 +0000
Message-ID: <20021209200435.GA31098@ok.is>
In-Reply-To: <11FE00AA8C43D311ABE3000629B0CB481398E1@DBSISERVER>

I believe this is a PPP issue; try looking up the ppp proxyarp
option.

- Tomas Edwardsson
- Unix/Linux Support
- Opin Kerfi HF

On Mon, Dec 09, 2002 at 11:26:30AM -0700, Justin Kay wrote:
> From: Justin Kay <jkay@nwrecc.org>
> To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
> Subject: iptables and Poptop
> X-Mailer: Internet Mail Service (5.5.2653.19)
> Date: Mon, 9 Dec 2002 11:26:30 -0700
> 
> I am trying to set up a server as a firewall/vpn server.  I am using
> iptables 1.2.6a and poptop 1.1.3.  I can connect to the poptop server just
> fine from the internet.  I can ping to the 10.0.0.1 address that my poptop
> server uses on the internal interface from the poptop client, but I don't
> get any further than that.  I can't ping anything else internally (ten net
> addresses) and I can't ping out to the address issued to the poptop client
> from a LAN machine.  Any ideas on where to look?
> 
> Rules:
> 
> ########################## Policy Section #########################
> 
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
> 
> ####################### User defined chains #####################
> 
> $IPTABLES -N icmp_packets
> 
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP -s $LAN_IP_RANGE -j ACCEPT
> 
> ########################## Input Section ################################
> 
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
> 
> $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
> 	-j ACCEPT
> $IPTABLES -A INPUT -p TCP --dport 1723 -j ACCEPT
> $IPTABLES -A INPUT -p 47 -j ACCEPT
> 
> $IPTABLES -A INPUT -i ppp+ -j ACCEPT
> 
> $IPTABLES -A INPUT -p ICMP -j icmp_packets
> 
> $IPTABLES -A INPUT -j LOG --log-prefix "INPUT chain "
> ########################### Forward Section #############################
> 
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 25 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 110 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 80 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 443 -j ACCEPT
> #$IPTABLES -A FORWARD -p ICMP -j icmp_packets
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> $IPTABLES -A FORWARD -i ppp+ -o $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -i $LAN_IFACE -o ppp+ -j ACCEPT
> 
> $IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD chain "
> ########################### Output Section ###############################
> 
> $IPTABLES -A OUTPUT -p ALL -o ppp+ -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP2 -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT 
> 
> $IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT packet died: "
> 
> ########################## end script ####################################
> 
> Justin 
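
A triage helper for the LOG rules in the quoted ruleset, added here as an example and not part of the original thread: it counts logged packets by chain and interface pair, using the three log prefixes from the script, to show whether traffic on a ppp interface is falling through to the DROP policy. The sample log lines, host name, addresses and interface names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Summarizes packets logged by the
# ruleset's LOG rules: "INPUT chain ", "FORWARD chain ", "OUTPUT packet died: ".

# Constructed sample kernel log lines; every value here is made up.
sample_log() {
cat <<'EOF'
Dec  9 11:20:01 fw kernel: FORWARD chain IN=eth0 OUT=eth1 SRC=192.0.2.7 DST=10.0.0.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Dec  9 11:20:04 fw kernel: FORWARD chain IN=eth0 OUT=eth1 SRC=192.0.2.7 DST=10.0.0.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Dec  9 11:21:10 fw kernel: INPUT chain IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=203.0.113.1 PROTO=UDP SPT=137 DPT=137
Dec  9 11:22:30 fw kernel: OUTPUT packet died: IN= OUT=eth0 SRC=10.0.0.1 DST=198.51.100.9 PROTO=UDP SPT=1025 DPT=53
Dec  9 11:23:00 fw kernel: eth0: link up
EOF
}

# Reads log lines on stdin, prints "<chain> <in-iface> <out-iface> <count>".
# The kernel writes the log prefix immediately before "IN=", so that pair
# identifies which LOG rule produced the line. An empty IN= or OUT= is "-".
summarize_drops() {
  awk '
    {
      chain = ""
      if (index($0, "INPUT chain IN="))                chain = "INPUT"
      else if (index($0, "FORWARD chain IN="))         chain = "FORWARD"
      else if (index($0, "OUTPUT packet died: IN="))   chain = "OUTPUT"
      if (chain == "") next          # not produced by this ruleset
      in_if = "-"; out_if = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^IN=./)  in_if  = substr($i, 4)
        if ($i ~ /^OUT=./) out_if = substr($i, 5)
      }
      n[chain " " in_if " " out_if]++
    }
    END { for (k in n) print k, n[k] }
  ' | LC_ALL=C sort
}

# Prints how many logged FORWARD packets entered or left on a ppp interface.
# Zero means the client's packets never reached the final LOG/DROP in FORWARD.
ppp_forward_drops() {
  summarize_drops |
    awk '$1 == "FORWARD" && ($2 ~ /^ppp/ || $3 ~ /^ppp/) { c += $4 }
         END { print c + 0 }'
}

sample_log | summarize_drops
```

On a live system, feed the kernel log to `ppp_forward_drops` while the VPN client pings a LAN host; a count of zero means the packets are not being dropped by these chains.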

