I added the rule to the firewall and restarted it, but the result is the same.

Addendum: I only have ICMP to 192.168.0.1. I'll leave my computer on tomorrow
so I can test whether I can ping it as well, but I'm afraid it won't work.
So my problem is that I have no packet forwarding at all from ppp+ to eth1.
  ----- Original Message ----- 
  From: Danail Petrov 
  To: Linux Users Group - Bulgaria 
  Sent: Tuesday, September 30, 2008 2:40 PM
  Subject: Re: [Lug-bg] Problem with pptpd.


  As far as I understand, the problem is that once you connect and get the IP
  address 192.168.0.100 (in this case), and then try to reach 192.168.0.3 for
  example, it doesn't work. Well, there's no way it could work :) This is
  Ethernet..... I won't go into details; I'll just tell you what may solve your
  problem: proxy arp. Try enabling it on the interface facing your internal
  network (in your case eth1 on the pptp router). I think this command should
  do it:

  echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

  I may not have understood your question correctly, though, because from the
  results you've shown it's not very clear what exactly does _NOT_ work ...

  [EMAIL PROTECTED] wrote: 
    Problem with pptpd: with the configuration described below, after I connect
    to the VPN (from a Windows machine, and I have chosen the VPN to be my
    default gateway) I have Internet access, I can ping 192.168.0.1, and that's
    all, i.e. the VPN currently works as a proxy :). If I try to connect via the
    internal IP to the host on which the VPN server is running, the result is a
    timeout. See the lines below.

    system - Debian GNU/Linux 4.0 \n \l
    pptpd version - pptpd_1.3.0-2etch2_i386.deb

    installed: apt-get install pptpd
    config:

    [EMAIL PROTECTED]:~# egrep -v '#' /etc/pptpd.conf
    option /etc/ppp/pptpd-options
    logwtmp
    localip 192.168.0.1
    remoteip 192.168.0.100-200

    [EMAIL PROTECTED]:~# egrep -v '#' /etc/ppp/pptpd-options
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    ms-dns 192.168.0.1
    ms-dns 77.70.5.1
    proxyarp
    nodefaultroute
    lock
    nobsdcomp
    [EMAIL PROTECTED]:~#

    [EMAIL PROTECTED]:~# egrep -v '#' /etc/init.d/firewall
            iptables -P INPUT DROP
            iptables -P FORWARD DROP
            iptables -P OUTPUT ACCEPT

            iptables -F INPUT
            iptables -F FORWARD
            iptables -F OUTPUT
            iptables -F -t nat

            iptables -A INPUT -p icmp -j ACCEPT
            iptables -A OUTPUT -p icmp -j ACCEPT

            iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

            iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
            iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

            iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
            iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

            iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 77.70.5.130

            iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
            iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

            iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
            iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
            iptables -A FORWARD -i eth0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT

            modprobe ip_gre
            modprobe ip_nat_pptp
            modprobe ip_conntrack_pptp
            iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
            iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP

            echo 1 > /proc/sys/net/ipv4/tcp_syncookies
            echo 1 > /proc/sys/net/ipv4/ip_forward
            echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
            echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
            echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
            echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
            echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
            echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route


    Linux:

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:192.168.0.1  P-t-P:192.168.0.100  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
              RX packets:31 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:4083 (3.9 KiB)  TX bytes:160 (160.0 b)

    [EMAIL PROTECTED]:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.0.100   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    77.70.5.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         77.70.5.1       0.0.0.0         UG    0      0        0 eth0
    [EMAIL PROTECTED]:~#

    Windows: 

    PPP adapter d3v1ous.info VPN Server:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : d3v1ous.info VPN Server
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 0.0.0.0
       DNS Servers . . . . . . . . . . . : 192.168.0.1
                                           77.70.5.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    C:\>ping abv.bg

    Pinging abv.bg [194.153.145.104] with 32 bytes of data:

    Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
    Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
    Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
    Reply from 194.153.145.104: bytes=32 time=4ms TTL=59

    Ping statistics for 194.153.145.104:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 3ms, Maximum = 4ms, Average = 3ms

    C:\>ping d3v1ous.info

    Pinging d3v1ous.info [77.70.5.130] with 32 bytes of data:

    Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
    Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
    Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
    Reply from 77.70.5.130: bytes=32 time=2ms TTL=59

    Ping statistics for 77.70.5.130:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 2ms, Maximum = 2ms, Average = 2ms

    C:\>ping 192.168.0.1

    Pinging 192.168.0.1 with 32 bytes of data:

    Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
    Reply from 192.168.0.1: bytes=32 time=3ms TTL=64

    Ping statistics for 192.168.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 3ms, Maximum = 3ms, Average = 3ms


    C:\>ftp d3v1ous.info
    Connected to d3v1ous.info.
    220 77.70.5.130 FTP server ready
    User (d3v1ous.info:(none)): ^C
    C:\>
    C:\>ftp 192.168.0.1
    Connected to 192.168.0.1.
    Connection closed by remote host.

    C:\>

    Linux:
    [EMAIL PROTECTED]:~# netstat -ntap | grep 21
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     4957/inetd


     
----------------------------------------------------------------------------
_______________________________________________
Lug-bg mailing list
[email protected]
http://linux-bulgaria.org/mailman/listinfo/lug-bg
  

-- 
Danail Petrov
Senior Network Administrator
Evolink, Sofia
+359(2)9691650
www.evolink.com
icq uin 989677
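
Added example (not part of the original thread and not anyone's posted configuration): a small Python model of the FORWARD chain from the firewall script quoted above, which evaluates the flows discussed in the thread against it. The two rules in CANDIDATE are an assumption written in the script's own style for comparison; they are not necessarily the rule mentioned in the reply at the top.

```python
# FORWARD rules as posted in the thread's firewall script (wrapped lines joined).
POSTED = """\
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
"""
# Assumption: candidate rules for VPN <-> LAN traffic, not taken from the thread.
CANDIDATE = """\
iptables -A FORWARD -i ppp+ -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
"""
POLICY = "DROP"  # from "iptables -P FORWARD DROP" in the same script

def parse(text):
    """Parse 'iptables -A FORWARD ...' lines into dicts of match fields."""
    names = {"-i": "in", "-o": "out", "-j": "target", "--state": "states"}
    rules = []
    for tok in (ln.split() for ln in text.splitlines() if ln.strip()):
        rule = {"in": None, "out": None, "states": None, "target": None}
        for k, t in enumerate(tok[:-1]):
            if t in names:
                rule[names[t]] = tok[k + 1]
        if rule["states"]:
            rule["states"] = set(rule["states"].split(","))
        rules.append(rule)
    return rules

def iface_match(pattern, name):
    """iptables semantics: no -i/-o matches anything; trailing '+' is a prefix match."""
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def verdict(rules, in_if, out_if, state):
    """First matching rule decides; if none matches, the chain policy applies."""
    for r in rules:
        if (iface_match(r["in"], in_if) and iface_match(r["out"], out_if)
                and (r["states"] is None or state in r["states"])):
            return r["target"]
    return POLICY

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("with candidate", POSTED + CANDIDATE)):
        for flow in (("ppp0", "eth0", "NEW"), ("ppp0", "eth1", "NEW")):
            print(label, flow, verdict(parse(text), *flow))
```

In the posted chain no rule names ppp+ together with eth1, so a new connection from ppp0 to eth1 falls through to the DROP policy while ppp0 to eth0 is accepted.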
