* iptables and Poptop
@ 2002-12-09 18:26 Justin Kay
  2002-12-09 20:04 ` netfilter
  0 siblings, 1 reply; 4+ messages in thread
From: Justin Kay @ 2002-12-09 18:26 UTC (permalink / raw)
  To: Netfilter (E-mail)

I am trying to set up a server as a firewall/vpn server.  I am using
iptables 1.2.6a and poptop 1.1.3.  I can connect to the poptop server just
fine from the internet.  I can ping to the 10.0.0.1 address that my poptop
server uses on the internal interface from the poptop client, but I don't
get any further than that.  I can't ping anything else internally (ten net
addresses) and I can't ping out to the address issued to the poptop client
from a LAN machine.  Any ideas on where to look?

Rules:

########################## Policy Section #########################

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

####################### User defined chains #####################

$IPTABLES -N icmp_packets

$IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s $LAN_IP_RANGE -j ACCEPT

########################## Input Section ################################

$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
	-j ACCEPT
$IPTABLES -A INPUT -p TCP --dport 1723 -j ACCEPT
$IPTABLES -A INPUT -p 47 -j ACCEPT

$IPTABLES -A INPUT -i ppp+ -j ACCEPT

$IPTABLES -A INPUT -p ICMP -j icmp_packets

$IPTABLES -A INPUT -j LOG --log-prefix "INPUT chain "
########################### Forward Section #############################

$IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 25 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 110 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 443 -j ACCEPT
#$IPTABLES -A FORWARD -p ICMP -j icmp_packets
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i ppp+ -o $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IFACE -o ppp+ -j ACCEPT

$IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD chain "
########################### Output Section ###############################

$IPTABLES -A OUTPUT -p ALL -o ppp+ -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP2 -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT 

$IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT packet died: "

########################## end script ####################################

Justin 



* Re: iptables and Poptop
  2002-12-09 18:26 iptables and Poptop Justin Kay
@ 2002-12-09 20:04 ` netfilter
  0 siblings, 0 replies; 4+ messages in thread
From: netfilter @ 2002-12-09 20:04 UTC (permalink / raw)
  To: Justin Kay; +Cc: Netfilter (E-mail)

I believe this is a PPP issue, try looking up the ppp proxyarp
option.

- Tomas Edwardsson
- Unix/Linux Support
- Opin Kerfi HF

On Mon, Dec 09, 2002 at 11:26:30AM -0700, Justin Kay wrote:
> From: Justin Kay <jkay@nwrecc.org>
> To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
> Subject: iptables and Poptop
> X-Mailer: Internet Mail Service (5.5.2653.19)
> Date: Mon, 9 Dec 2002 11:26:30 -0700
> 
> I am trying to set up a server as a firewall/vpn server.  I am using
> iptables 1.2.6a and poptop 1.1.3.  I can connect to the poptop server just
> fine from the internet.  I can ping to the 10.0.0.1 address that my poptop
> server uses on the internal interface from the poptop client, but I don't
> get any further than that.  I can't ping anything else internally (ten net
> addresses) and I can't ping out to the address issued to the poptop client
> from a LAN machine.  Any ideas on where to look?
> 
> Rules:
> 
> ########################## Policy Section #########################
> 
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
> 
> ####################### User defined chains #####################
> 
> $IPTABLES -N icmp_packets
> 
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP -s $LAN_IP_RANGE -j ACCEPT
> 
> ########################## Input Section ################################
> 
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
> 
> $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
> 	-j ACCEPT
> $IPTABLES -A INPUT -p TCP --dport 1723 -j ACCEPT
> $IPTABLES -A INPUT -p 47 -j ACCEPT
> 
> $IPTABLES -A INPUT -i ppp+ -j ACCEPT
> 
> $IPTABLES -A INPUT -p ICMP -j icmp_packets
> 
> $IPTABLES -A INPUT -j LOG --log-prefix "INPUT chain "
> ########################### Forward Section #############################
> 
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 25 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 110 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 80 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 443 -j ACCEPT
> #$IPTABLES -A FORWARD -p ICMP -j icmp_packets
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> $IPTABLES -A FORWARD -i ppp+ -o $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -i $LAN_IFACE -o ppp+ -j ACCEPT
> 
> $IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD chain "
> ########################### Output Section ###############################
> 
> $IPTABLES -A OUTPUT -p ALL -o ppp+ -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP2 -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT 
> 
> $IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT packet died: "
> 
> ########################## end script ####################################
> 
> Justin 
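
Added example, not part of the reply above or of anyone's configuration in this thread: a shell check for the two settings that decide whether LAN hosts and PPTP clients can reach each other once the FORWARD rules already accept ppp+ traffic. It assumes clients are given addresses from the LAN's own subnet; the options file path is supplied by the caller because the thread does not name one, and the ip_forward check is an addition to the proxyarp tip.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are passed in by the caller.

# proxyarp_state FILE -> prints "enabled", "disabled" or "unset".
# A noproxyarp anywhere in the file is reported as "disabled" (conservative;
# pppd's own option precedence is not modelled). Every word is treated as an
# option name, which is a simplification.
proxyarp_state() {
    f=$1
    on=0; off=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                # drop comment text
        set -f; set -- $line; set +f    # split into words without globbing
        for word in "$@"; do
            case $word in
                proxyarp)   on=1 ;;
                noproxyarp) off=1 ;;
            esac
        done
    done < "$f"
    if [ "$off" = 1 ]; then echo disabled
    elif [ "$on" = 1 ]; then echo enabled
    else echo unset; fi
}

# lan_reach_check OPTIONS_FILE [IP_FORWARD_FILE]
# Prints one finding per problem; returns 0 only when none is found.
lan_reach_check() {
    opts=$1
    fwd=${2:-/proc/sys/net/ipv4/ip_forward}
    rc=0
    if [ "$(proxyarp_state "$opts")" != enabled ]; then
        echo "proxyarp not enabled in $opts: the server will not answer ARP for client addresses"
        rc=1
    fi
    if [ "$(cat "$fwd" 2>/dev/null)" != 1 ]; then
        echo "ip_forward is not 1 in $fwd: the kernel will not route between ppp+ and the LAN"
        rc=1
    fi
    return $rc
}

# Constructed sample: proxyarp is set, then cancelled further down the file.
sample=$(mktemp)
printf '%s\n' 'name pptpd' 'proxyarp  # answer ARP for clients' 'noproxyarp' > "$sample"
proxyarp_state "$sample"
rm -f "$sample"
```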



* RE: iptables and Poptop
@ 2002-12-10 19:58 Justin Kay
  0 siblings, 0 replies; 4+ messages in thread
From: Justin Kay @ 2002-12-10 19:58 UTC (permalink / raw)
  To: 'netfilter@tommi.org'; +Cc: Netfilter (E-mail)

You were right on.  It was a ppp issue.  Thanks for the tip.

Justin



-----Original Message-----
From: netfilter@tommi.org [mailto:netfilter@tommi.org]
Sent: Monday, December 09, 2002 1:05 PM
To: Justin Kay
Cc: Netfilter (E-mail)
Subject: Re: iptables and Poptop


I believe this is a PPP issue, try looking up the ppp proxyarp
option.

- Tomas Edwardsson
- Unix/Linux Support
- Opin Kerfi HF

On Mon, Dec 09, 2002 at 11:26:30AM -0700, Justin Kay wrote:
> From: Justin Kay <jkay@nwrecc.org>
> To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
> Subject: iptables and Poptop
> X-Mailer: Internet Mail Service (5.5.2653.19)
> Date: Mon, 9 Dec 2002 11:26:30 -0700
> 
> I am trying to set up a server as a firewall/vpn server.  I am using
> iptables 1.2.6a and poptop 1.1.3.  I can connect to the poptop server just
> fine from the internet.  I can ping to the 10.0.0.1 address that my poptop
> server uses on the internal interface from the poptop client, but I don't
> get any further than that.  I can't ping anything else internally (ten net
> addresses) and I can't ping out to the address issued to the poptop client
> from a LAN machine.  Any ideas on where to look?
> 
> Rules:
> 
> ########################## Policy Section #########################
> 
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
> 
> ####################### User defined chains #####################
> 
> $IPTABLES -N icmp_packets
> 
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP -s $LAN_IP_RANGE -j ACCEPT
> 
> ########################## Input Section ################################
> 
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
> 
> $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
> 	-j ACCEPT
> $IPTABLES -A INPUT -p TCP --dport 1723 -j ACCEPT
> $IPTABLES -A INPUT -p 47 -j ACCEPT
> 
> $IPTABLES -A INPUT -i ppp+ -j ACCEPT
> 
> $IPTABLES -A INPUT -p ICMP -j icmp_packets
> 
> $IPTABLES -A INPUT -j LOG --log-prefix "INPUT chain "
> ########################### Forward Section #############################
> 
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 25 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 110 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 80 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 443 -j ACCEPT
> #$IPTABLES -A FORWARD -p ICMP -j icmp_packets
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> $IPTABLES -A FORWARD -i ppp+ -o $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -i $LAN_IFACE -o ppp+ -j ACCEPT
> 
> $IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD chain "
> ########################### Output Section ###############################
> 
> $IPTABLES -A OUTPUT -p ALL -o ppp+ -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP2 -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT 
> 
> $IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT packet died: "
> 
> ########################## end script ####################################
> 
> Justin 



* iptables and poptop
@ 2007-05-18 17:46 Tiron Adrian
  0 siblings, 0 replies; 4+ messages in thread
From: Tiron Adrian @ 2007-05-18 17:46 UTC (permalink / raw)
  To: netfilter

Hello,

Can somebody please explain to me how I should set up forwarding (as I understood) with iptables for the
poptop server to work? I've read a little on forums about this but I didn't understand much.
Also, if you could explain in detail so I could understand (not just to work for me), it would be great.

Thank you.




       

