From: netfilter@tommi.org
To: Justin Kay <jkay@nwrecc.org>
Cc: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
Subject: Re: iptables and Poptop
Date: Mon, 9 Dec 2002 20:04:35 +0000
Message-ID: <20021209200435.GA31098@ok.is>
In-Reply-To: <11FE00AA8C43D311ABE3000629B0CB481398E1@DBSISERVER>

I believe this is a PPP issue, try looking up the ppp proxyarp
option.

- Tomas Edwardsson
- Unix/Linux Support
- Opin Kerfi HF

On Mon, Dec 09, 2002 at 11:26:30AM -0700, Justin Kay wrote:
> From: Justin Kay <jkay@nwrecc.org>
> To: "Netfilter (E-mail)" <netfilter@lists.netfilter.org>
> Subject: iptables and Poptop
> X-Mailer: Internet Mail Service (5.5.2653.19)
> Date: Mon, 9 Dec 2002 11:26:30 -0700
>
> I am trying to set up a server as a firewall/vpn server. I am using
> iptables 1.2.6a and poptop 1.1.3. I can connect to the poptop server just
> fine from the internet. I can ping to the 10.0.0.1 address that my poptop
> server uses on the internal interface from the poptop client, but I don't
> get any further than that. I can't ping anything else internally (ten net
> addresses) and I can't ping out to the address issued to the poptop client
> from a LAN machine. Any ideas on where to look?
>
> Rules:
>
> ########################## Policy Section #########################
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -P FORWARD DROP
>
> ####################### User defined chains #####################
>
> $IPTABLES -N icmp_packets
>
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT
> $IPTABLES -A icmp_packets -p ICMP -s $LAN_IP_RANGE -j ACCEPT
>
> ########################## Input Section ################################
>
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
>
> $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
> -j ACCEPT
> $IPTABLES -A INPUT -p TCP --dport 1723 -j ACCEPT
> $IPTABLES -A INPUT -p 47 -j ACCEPT
>
> $IPTABLES -A INPUT -i ppp+ -j ACCEPT
>
> $IPTABLES -A INPUT -p ICMP -j icmp_packets
>
> $IPTABLES -A INPUT -j LOG --log-prefix "INPUT chain "
> ########################### Forward Section #############################
>
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 25 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $NT --dport 110 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 80 -j ACCEPT
> $IPTABLES -A FORWARD -i $INET_IFACE -p tcp -d $TETON --dport 443 -j ACCEPT
> #$IPTABLES -A FORWARD -p ICMP -j icmp_packets
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A FORWARD -i ppp+ -o $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -i $LAN_IFACE -o ppp+ -j ACCEPT
>
> $IPTABLES -A FORWARD -j LOG --log-prefix "FORWARD chain "
> ########################### Output Section ###############################
>
> $IPTABLES -A OUTPUT -p ALL -o ppp+ -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -s $INET_IP2 -j ACCEPT
> $IPTABLES -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT packet died: "
>
> ########################## end script ####################################
>
> Justin
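
An added example, not part of either message: a shell check for the case the reply points at, where a VPN client is handed an address inside the LAN subnet and pppd's `proxyarp` option decides whether LAN hosts can resolve that address. The client address, network, prefix length and options-file path passed in are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: does a PPTP client address need proxy ARP, and does the
# pppd options file enable it? All inputs are supplied by the caller.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# The body runs in a subshell so the IFS change does not leak.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_subnet IP NETWORK PREFIXLEN -> returns 0 if IP lies in NETWORK/PREFIXLEN.
in_subnet() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# has_proxyarp FILE -> returns 0 if an uncommented "proxyarp" line is present.
has_proxyarp() {
    grep -Eq '^[[:space:]]*proxyarp([[:space:]]|$)' "$1"
}

# check_client CLIENT_IP LAN_NET PREFIXLEN OPTIONS_FILE -> prints a verdict:
#   routed            client is outside the LAN subnet; LAN hosts need a route
#   ok                client is inside the LAN subnet and proxyarp is enabled
#   missing-proxyarp  client is inside the LAN subnet; LAN hosts will ARP for
#                     it and the VPN server will not answer on its behalf
check_client() {
    if ! in_subnet "$1" "$2" "$3"; then
        echo "routed"
    elif has_proxyarp "$4"; then
        echo "ok"
    else
        echo "missing-proxyarp"
    fi
}

# Stand-alone use: sh check.sh CLIENT_IP LAN_NET PREFIXLEN OPTIONS_FILE
if [ $# -eq 4 ]; then
    check_client "$@"
fi
```

A `missing-proxyarp` verdict matches the symptom in the quoted message: the client reaches the server's own internal address, but LAN machines get no ARP reply for the client's address.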