Problem with pptpd, with the configuration described below:
after I connect to the VPN (from a Windows machine, and I have chosen the VPN to be my
default gateway) I have Internet, I have ping to 192.168.0.1 and that is all, i.e.
the VPN currently works as a proxy :). If I try to connect through the internal
IP to the host on which the VPN server is running, the result is a time out. See the
lines below.
system - Debian GNU/Linux 4.0 \n \l
pptpd version - pptpd_1.3.0-2etch2_i386.deb
installed: apt-get install
pptpd config:
root@router:~# egrep -v '#' /etc/pptpd.conf
option /etc/ppp/pptpd-options
logwtmp
localip 192.168.0.1
remoteip 192.168.0.100-200
root@router:~# egrep -v '#' /etc/ppp/pptpd-options
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.0.1
ms-dns 77.70.5.1
proxyarp
nodefaultroute
lock
nobsdcomp
root@router:~#
root@router:~# egrep -v '#' /etc/init.d/firewall
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 77.70.5.130
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
modprobe ip_gre
modprobe ip_nat_pptp
modprobe ip_conntrack_pptp
iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
Linux:
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.1  P-t-P:192.168.0.100  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:4083 (3.9 KiB)  TX bytes:160 (160.0 b)
root@router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.100   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
77.70.5.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         77.70.5.1       0.0.0.0         UG    0      0        0 eth0
root@router:~#
Windows:
PPP adapter d3v1ous.info VPN Server:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : d3v1ous.info VPN Server
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       77.70.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
C:\>ping abv.bg
Pinging abv.bg [194.153.145.104] with 32 bytes of data:
Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
Ping statistics for 194.153.145.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms

C:\>ping d3v1ous.info
Pinging d3v1ous.info [77.70.5.130] with 32 bytes of data:
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Ping statistics for 77.70.5.130:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

C:\>ping 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
C:\>ftp d3v1ous.info
Connected to d3v1ous.info.
220 77.70.5.130 FTP server ready
User (d3v1ous.info:(none)): ^C
C:\>
C:\>ftp 192.168.0.1
Connected to 192.168.0.1.
Connection closed by remote host.
C:\>
Linux:
root@router:~# netstat -ntap | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     4957/inetd
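The INPUT chain from the firewall script above, traced rule by rule for traffic arriving on ppp0 (an added example, not part of the original post): a first-match evaluator over the nine -A INPUT lines. Only the filter INPUT chain is modelled; the packet dictionaries and their hand-supplied conntrack state are constructed assumptions.

```python
import shlex
from ipaddress import ip_address, ip_network

# INPUT-chain rules copied from the firewall script on this page, in order.
RULES = """\
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
""".splitlines()
POLICY = "DROP"  # iptables -P INPUT DROP

def parse(line):
    # "--syn" is the only option here without a value; give it one, then pair up.
    tok = shlex.split(line.replace("--syn", "--syn 1"))[3:]  # drop "iptables -A INPUT"
    return {k.lstrip("-"): v for k, v in zip(tok[::2], tok[1::2])}

def matches(rule, pkt):
    # Every condition present in the rule must hold; "-d" is always 0/0 here.
    want = rule.get("i")
    if want and not (pkt["iface"].startswith(want[:-1]) if want.endswith("+")
                     else pkt["iface"] == want):
        return False
    if "p" in rule and rule["p"] != pkt["proto"]:
        return False
    if rule.get("s", "0/0") != "0/0" and ip_address(pkt["src"]) not in ip_network(rule["s"]):
        return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    if "destination-port" in rule and int(rule["destination-port"]) != pkt.get("dport"):
        return False
    return not (rule.get("syn") and not pkt.get("syn"))

def verdict(pkt):
    # First matching rule wins; otherwise the chain policy applies (rule 0).
    for n, rule in enumerate(map(parse, RULES), 1):
        if matches(rule, pkt):
            return rule["j"], n
    return POLICY, 0

# Constructed packets: VPN client 192.168.0.100 talking to the router over ppp0.
PING = {"iface": "ppp0", "proto": "icmp", "src": "192.168.0.100", "state": "NEW"}
FTP = dict(PING, proto="tcp", dport=21, syn=True)
if __name__ == "__main__":
    print(verdict(PING), verdict(FTP))
```

In this model the ping is accepted by rule 1, while a TCP SYN from the VPN client to the router's own address matches no ACCEPT rule, because ppp+ appears only in the FORWARD chain.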