Firewall Wizards mailing list archives

Re: Fw: PoPToP and Linux Ipchains firewalls, working config?


From: Martin <marty () supine com>
Date: Sun, 24 Jun 2001 23:34:30 +1000

Ron Gonzalez blurted out:

I'm having difficulty in that my client does successfully access and log in to
the PPTPD server, and it does in fact acquire an IP address.

However, browsing using the IP address (  \\ip.of.machine.here  ) and
pinging using IP addresses does not work when the full firewall ruleset is
in place. As soon as I run my "fwdisable" script (which allows everything
and just leaves the basic masquerading rules in place), everything works
(except, of course, browsing using NetBIOS names).

I'm confused in that when the PPTPD client is connected, my ppp0 adapter is
brought up (naturally), and I'm not sure whether my ipchains ruleset has to be
created with consideration for the -i ppp0 or whether I have to basically
concentrate my efforts on the eth1 interface (which is my external, Internet-
connected interface).

It sounds like your internal interface rules are too tight...

If the client can log on, then the external interface ruleset needs no tweaking.
Basically, if you have allowed for the PPTP port and GRE packets on the
external interface, that is all you need...

As to the internal interface, it sounds like you are blocking some packets
to/from PoPToP...

In regards to the ppp0 interface, you could place restrictions on that
interface, but that would be enforcing rules only in the context of within
the tunnel itself... i.e. blocking/allowing from the client machine through the
PPTP tunnel.

later
marty

"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
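The three points in marty's reply, written out as an ipchains script. This is an added example, not code from either poster: it assumes eth1 is the Internet side, eth0 the LAN side, 192.168.1.0/24 the LAN and 192.168.2.0/24 the address pool PoPToP hands to clients (all constructed); set IPCHAINS=echo to see the rules without loading them.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains rules for a PoPToP server on a
# masquerading Linux gateway. Constructed assumptions: eth1 faces the Internet,
# eth0 the LAN, 192.168.1.0/24 is the LAN, 192.168.2.0/24 the PPTP client pool.
EXT=eth1
INT=eth0
LAN=192.168.1.0/24
VPN_POOL=192.168.2.0/24
IPCHAINS=${IPCHAINS:-ipchains}   # IPCHAINS=echo prints the rules instead

# 1. External interface: the only holes a PPTP client needs are the control
#    connection (TCP 1723) and GRE (IP protocol 47). ipchains writes the port
#    after the address, so "-d 0/0 1723" means "any address, port 1723".
external_rules() {
    $IPCHAINS -A input  -i "$EXT" -p tcp -d 0/0 1723 -j ACCEPT
    $IPCHAINS -A output -i "$EXT" -p tcp -s 0/0 1723 -j ACCEPT
    $IPCHAINS -A input  -i "$EXT" -p 47 -j ACCEPT
    $IPCHAINS -A output -i "$EXT" -p 47 -j ACCEPT
}

# 2. Internal side: a packet from a LAN host to a VPN client traverses the
#    input chain on eth0, the forward chain for ppp0 and the output chain on
#    ppp0; the reply takes the mirror path. A deny-by-default eth0 ruleset
#    that never mentions the pool is why ping only works with the firewall off.
internal_rules() {
    $IPCHAINS -A input   -i "$INT" -s "$LAN" -d "$VPN_POOL" -j ACCEPT
    $IPCHAINS -A forward -i ppp+   -s "$LAN" -d "$VPN_POOL" -j ACCEPT
    $IPCHAINS -A output  -i ppp+   -s "$LAN" -d "$VPN_POOL" -j ACCEPT
    $IPCHAINS -A input   -i ppp+   -s "$VPN_POOL" -d "$LAN" -j ACCEPT
    $IPCHAINS -A forward -i "$INT" -s "$VPN_POOL" -d "$LAN" -j ACCEPT
    $IPCHAINS -A output  -i "$INT" -s "$VPN_POOL" -d "$LAN" -j ACCEPT
}

# 3. Rules matched on ppp+ (the ppp+ lines above) only ever see traffic that
#    is already inside the tunnel, so per-client restrictions belong there,
#    not on eth1, where the packets are still GRE.
pptp_rules() {
    external_rules
    internal_rules
}

# Load the rules only when invoked as "sh pptp-rules.sh apply".
if [ "${1:-}" = apply ]; then
    pptp_rules
fi
```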
