Firewall Wizards mailing list archives
Re: Fw: PoPToP and Linux Ipchains firewalls, working config?
From: Peter Lukas <plukas () oss uswest net>
Date: Mon, 25 Jun 2001 07:36:27 -0500 (CDT)
To do "Network Neighborhood" style browsing, you'll need to set up a WINS proxy server. A simple samba process can do the trick. There's some excellent documentation available from samba directly (www.samba.org).

You should still be able to view and use the shares directly:

    net view \\ip.of.other.system

Peter Lukas

On Thu, 21 Jun 2001, Ron Gonzalez wrote:
Hello everyone,

I have been trying unsuccessfully for a few days now to configure my Linux firewall to allow PPTP traffic. My story begins when I first attempted to re-compile the kernel using the VPN MASQ patches available on the web, written by jhardin. Unfortunately, the patches failed to compile, and I never got a working kernel. I then opted to go with the PoPToP server, which would allow me to run the PPTP server right on the box and therefore not have to worry about using the kernel modules to forward the VPN traffic to an internal VPN server.

My firewall script is quite tightly tuned, and I took my firewall script from Bob Ziegler's Linux Firewall book; the source scripts are available at linux-firewall-tools.com (or something like that).

I'm having difficulty in that my client does successfully access and log in to the PPTPD server and it does in fact acquire an IP address. However, browsing using the IP address ( \\ip.of.machine.here ) and pinging using IP addresses does not work when the full firewall ruleset is in place. As soon as I run my "fwdisable" script (which allows everything and just leaves the basic masquerading rules in place), everything works (except of course browsing using NetBIOS names).

I'm confused in that when the PPTPD client is connected, my ppp0 adapter is brought up (naturally) and I'm not sure whether my ipchains ruleset has to be created with consideration for the -i ppp0 or whether I have to basically concentrate my efforts on the eth1 interface (which is my external, internet-connected interface). I'm also confused in that since there are two ip chains, namely "in & out", is it possible that my eth0 (intranet interface) needs to be configured to allow port 139 and ICMP (in) so that it can be forwarded to ppp0?

I would like to be able to ping, and to use port 139 to access NetBIOS shares across the PPTP link, but at the same time, disallow these things to the internet link (eth1).

Thanks!
Ron G Gonzalez
lc () lcstyle net

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Fw: PoPToP and Linux Ipchains firewalls, working config? Ron Gonzalez (Jun 22)
- Re: Fw: PoPToP and Linux Ipchains firewalls, working config? Martin (Jun 24)
- Re: Fw: PoPToP and Linux Ipchains firewalls, working config? Peter Lukas (Jun 25)