Linux-Bulgaria.ORG

Сега нещата изглеждат така, имам ping до 192.168.0.1 и 192.168.1.1 но нямам интернет.

ами, спри да правиш нещата "наизуст" в стил "copy->paste". Не става така ....

Допълнение: Като въведа в браузера си 192.168.0.1 или 192.168.1.1 си ми отваря страницата която отговаря на външното ип.

Остана само интернета да пусна :)

iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d ! 192.168.0.0/16 -j MASQUERADE

Това би трябвало да ти "пусне" internet-а .....

root@router:~# cat /etc/pptpd.conf | grep 192.
localip 192.168.1.1
remoteip 192.168.1.100-200
root@router:~#

        # Setting up the policy
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -P OUTPUT ACCEPT

        # Flushing the Tables
        iptables -F INPUT
        iptables -F FORWARD
        iptables -F OUTPUT
        iptables -F -t nat

        # Accepting ICMP Request
        iptables -A INPUT -p icmp -j ACCEPT
        iptables -A OUTPUT -p icmp -j ACCEPT

        # Forward all packages from local network to the inet
        iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

        # Forward all packages from inet to local network if is exist connection
        iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

        # Accept all packages from local net and loopback iface
        iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
        iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

        # Doing SNAT for forwarding the packages
        iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 77.70.5.130

        # Deny spoofing
        iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
        iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

        # Open PPTPD on port 1723
        iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
        iptables -A INPUT -i ppp+ -s 0/0 -d 0/0 -j ACCEPT
        iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
        iptables -A FORWARD -i ppp+ -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o ppp+ -j SNAT --to-source 77.70.5.130

        modprobe ip_gre
        modprobe ip_nat_pptp
        modprobe ip_conntrack_pptp

        # Drop all udp and syn tcp package
        iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
        iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP

        # Some kernel features
        echo 1 > /proc/sys/net/ipv4/tcp_syncookies
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
        echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
        echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
        echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
        echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
        echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
        echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.1 P-t-P:192.168.1.100 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
          RX packets:182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:18949 (18.5 KiB) TX bytes:2339 (2.2 KiB)

root@router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.100   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
77.70.5.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         77.70.5.1       0.0.0.0         UG    0      0        0 eth0
root@router:~#

Windows:

PPP adapter d3v1ous.info VPN Server:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : d3v1ous.info VPN Server
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       77.70.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 3ms, Average = 2ms

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=3ms TTL=64
Reply from 192.168.1.1: bytes=32 time=3ms TTL=64

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms
C:\>ping abv.bg

Pinging abv.bg [194.153.145.104] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 194.153.145.104:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
  

-- 
Danail Petrov
Senior Network Administrator
Evolink, Sofia
+359(2)9691650
www.evolink.com
icq uin 989677

Re: [Lug-bg] [SPAM] Проблем с pptpd.