Firewall Wizards mailing list archives

Re: Fw: PoPToP and Linux Ipchains firewalls, working config?


From: Peter Lukas <plukas () oss uswest net>
Date: Mon, 25 Jun 2001 07:36:27 -0500 (CDT)

To do "Network Neighborhood" style browsing, you'll need to set up a WINS
proxy server.  A simple samba process can do the trick.

There's some excellent documentation available from samba directly
(www.samba.org).

You should still be able to view and use the shares directly:
net view \\ip.of.other.system

Peter Lukas

On Thu, 21 Jun 2001, Ron Gonzalez wrote:

Hello everyone,

I have been trying for a few days now, unsuccessfully, to configure my Linux
firewall to allow PPTP traffic.
My story begins when:
I first attempted to re-compile the kernel using the VPN MASQ patches
available on the web, written by jhardin; unfortunately, the patches failed
to compile, and I never got a working kernel.

I then opted to go with the PoPToP server, which would allow me to run
the PPTP server right on the box and therefore not have to worry about using
the kernel modules to forward the VPN traffic to an internal VPN server.

My firewall script is quite tightly tuned, and I took my firewall script
from Bob Ziegler's Linux Firewall book; the source scripts are available at
linux-firewall-tools.com (or something like that).

I'm having difficulty in that my client does successfully access and log in to
the PPTPD server, and it does in fact acquire an IP address.

However, browsing using the IP address (  \\ip.of.machine.here  ) and
pinging using IP addresses does not work when the full firewall ruleset is
in place; as soon as I run my "fwdisable" script (which allows everything
and just leaves the basic masquerading rules in place), everything works
(except of course browsing using NetBIOS names).

I'm confused in that when the PPTPD client is connected, my ppp0 adapter is
brought up (naturally), and I'm not sure whether my ipchains ruleset has to be
created with consideration for the -i ppp0 or whether I have to basically
concentrate my efforts on the eth1 interface (which is my external, Internet
connected interface).

I'm also confused in that since there are two chains, namely "in & out", is
it possible that my eth0 (intranet interface) needs to be configured to
allow port 139 and ICMP (in) so that it can be forwarded to ppp0?

I would like to be able to ping, and to use port 139 to access NetBIOS
shares across the PPTP link, but at the same time disallow these things on
the Internet link (eth1).

Thanks!

Ron G Gonzalez
lc () lcstyle net

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
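The following is an added example for the question quoted above; it is not Ron's script, Bob Ziegler's script, or anything from the PoPToP project. It shows where the rules for a PPTP server running on the firewall itself have to go under ipchains: the tunnel (TCP/1723 and GRE, IP protocol 47) is permitted on eth1, while the NetBIOS and ICMP rules go on ppp0 and eth0, since that is where the decrypted client traffic appears. The interface names are the ones in the post; every address (the external IP, LAN, VPN pool and tunnel gateway) is an assumed placeholder, and the DRY_RUN switch is a convenience for checking the generated rules without loading them.

```shell
#!/bin/sh
# Added example for the thread above; not Ron's or Bob Ziegler's script.
# ipchains fragment for a PoPToP (pptpd) server running on the firewall itself.
# Interface names follow the post; all addresses are constructed placeholders.
# Set DRY_RUN=1 to print the rules instead of loading them into the kernel.

EXT_IF=eth1             # Internet-facing interface (from the post)
INT_IF=eth0             # LAN interface (from the post)
VPN_IF=ppp0             # raised by pptpd for the connected client (from the post)
EXT_IP=203.0.113.10     # assumed external address of the firewall
LAN_NET=192.168.1.0/24  # assumed internal LAN
VPN_NET=192.168.2.0/24  # assumed pool pptpd hands out (remoteip)
VPN_GW=192.168.2.1      # assumed firewall end of the tunnel (localip)

IPCHAINS=${IPCHAINS:-ipchains}

# Emit (DRY_RUN=1) or execute one rule.
rule() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPCHAINS $*"
    else
        "$IPCHAINS" "$@"
    fi
}

# 1. The tunnel itself, on eth1: TCP/1723 is the PPTP control channel and IP
#    protocol 47 (GRE) carries the PPP frames. The login succeeds with 1723
#    alone; without the GRE rules no data crosses the tunnel.
pptp_control_rules() {
    rule -A input  -i "$EXT_IF" -p tcp -s 0/0 -d "$EXT_IP" 1723 -j ACCEPT
    rule -A output -i "$EXT_IF" -p tcp -s "$EXT_IP" 1723 -d 0/0 -j ACCEPT
    rule -A input  -i "$EXT_IF" -p 47  -s 0/0 -d "$EXT_IP" -j ACCEPT
    rule -A output -i "$EXT_IF" -p 47  -s "$EXT_IP" -d 0/0 -j ACCEPT
}

# 2. Decrypted client traffic appears on ppp0, so the NetBIOS and ICMP rules
#    belong on ppp0 and eth0, never eth1. On the forward chain ipchains matches
#    -i against the interface the packet will leave by, so a LAN-bound packet
#    is forwarded "on" eth0 and its reply "on" ppp0.
vpn_lan_rules() {
    for svc in "tcp 139" "udp 137" "udp 138"; do
        set -- $svc     # $1 = protocol, $2 = port
        # client -> LAN share
        rule -A input   -i "$VPN_IF" -p "$1" -s "$VPN_NET" -d "$LAN_NET" "$2" -j ACCEPT
        rule -A forward -i "$INT_IF" -p "$1" -s "$VPN_NET" -d "$LAN_NET" "$2" -j ACCEPT
        rule -A output  -i "$INT_IF" -p "$1" -s "$VPN_NET" -d "$LAN_NET" "$2" -j ACCEPT
        # LAN share -> client
        rule -A input   -i "$INT_IF" -p "$1" -s "$LAN_NET" "$2" -d "$VPN_NET" -j ACCEPT
        rule -A forward -i "$VPN_IF" -p "$1" -s "$LAN_NET" "$2" -d "$VPN_NET" -j ACCEPT
        rule -A output  -i "$VPN_IF" -p "$1" -s "$LAN_NET" "$2" -d "$VPN_NET" -j ACCEPT
    done
    # ICMP: ipchains takes the ICMP type where a port would go (8 = echo-request,
    # 0 = echo-reply). Ping from the client to LAN hosts and to the firewall.
    rule -A input   -i "$VPN_IF" -p icmp -s "$VPN_NET" 8 -d "$LAN_NET" -j ACCEPT
    rule -A forward -i "$INT_IF" -p icmp -s "$VPN_NET" 8 -d "$LAN_NET" -j ACCEPT
    rule -A output  -i "$INT_IF" -p icmp -s "$VPN_NET" 8 -d "$LAN_NET" -j ACCEPT
    rule -A input   -i "$INT_IF" -p icmp -s "$LAN_NET" 0 -d "$VPN_NET" -j ACCEPT
    rule -A forward -i "$VPN_IF" -p icmp -s "$LAN_NET" 0 -d "$VPN_NET" -j ACCEPT
    rule -A output  -i "$VPN_IF" -p icmp -s "$LAN_NET" 0 -d "$VPN_NET" -j ACCEPT
    rule -A input   -i "$VPN_IF" -p icmp -s "$VPN_NET" 8 -d "$VPN_GW" -j ACCEPT
    rule -A output  -i "$VPN_IF" -p icmp -s "$VPN_GW" 0 -d "$VPN_NET" -j ACCEPT
}

# 3. Keep NetBIOS and ping off the Internet side explicitly (and log attempts),
#    even though a default-deny policy would already drop them.
external_deny_rules() {
    for svc in "tcp 139" "udp 137" "udp 138"; do
        set -- $svc
        rule -A input -i "$EXT_IF" -p "$1" -s 0/0 -d "$EXT_IP" "$2" -j DENY -l
    done
    rule -A input -i "$EXT_IF" -p icmp -s 0/0 8 -d "$EXT_IP" -j DENY -l
}

# Load everything only when invoked as "sh pptp-rules.sh apply"; running the
# file without an argument just defines the functions and does nothing.
if [ "${1:-}" = apply ]; then
    pptp_control_rules
    vpn_lan_rules
    external_deny_rules
fi
```

Run it as `DRY_RUN=1 sh pptp-rules.sh apply` first and read the generated rules; the chains are listed in the order a packet from the VPN client meets them (input on ppp0, forward matched on eth0, output on eth0) so that a missing leg is easy to spot. These rules would be inserted into the existing deny-by-default script before its final DENY rules, not appended after them.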
