Linux-Bulgaria.ORG

Добавих правилото в firewall-a и го рестартирах, но резултата е същия.

Допълнение: Имам само ICMP до 192.168.0.1, ще си оставя компютъра включен утре, за да тествам дали мога да го пингвам и него, но се опасявам че няма да стане. Та проблема ми е че нямам никакъв пакет forwarding от ppp+ към eth1.

----- Original Message -----

From: Danail Petrov

To: Linux Users Group - Bulgaria

Sent: Tuesday, September 30, 2008 2:40 PM

Subject: Re: [Lug-bg] Проблем с pptpd.

До колкото разбирам, проблемът е, че веднъж след като се закачиш и получиш ip address 192.168.0.100 (в този случай) и когато се опиташ да достигнеш 192.168.0.3 например - не работи. Ами няма как да сработи :) Това е етернет..... Няма да се впускам в подробности, ще ти кажа кое може да ти реши проблема - proxy arp. Опитай се да пуснеш такова нещо на интерфейса към вътрешната си мрежа (в твоят случай eth1 на pptp рутера). С тази команда май трябва да стане:
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
Може да не съм ти разбрал правилно върпоса де, защото от резултатите които си показал, не става много ясно кое точно _НЕ_ работи ...

d3v1ous@xxxxxxxxxxxx wrote:
Проблем с pptpd, с описаната по - долу конфигурация след като се вържа на впн-а ( от Windows машина и съм избрал, vpn-a да ми е default gateway ) имам интернет, имам пинг до 192.168.0.1 и само това, т.е. впн-а в момента работи като прокси :), ако се опитам да се вържа през вътрешното ип към хоста на който е стартиран впн сървъра резултата е time out. Вижте по - долните редове.

system - Debian GNU/Linux 4.0 \n \l
pptpd version - pptpd_1.3.0-2etch2_i386.deb

installed: apt-get install pptpd
config:

root@router:~# egrep -v '#' /etc/pptpd.conf
option /etc/ppp/pptpd-options
logwtmp
localip 192.168.0.1
remoteip 192.168.0.100-200

root@router:~# egrep -v '#' /etc/ppp/pptpd-options
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.0.1
ms-dns 77.70.5.1
proxyarp
nodefaultroute
lock
nobsdcomp
root@router:~#

root@router:~# egrep -v '#' /etc/init.d/firewall
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -P OUTPUT ACCEPT

        iptables -F INPUT
        iptables -F FORWARD
        iptables -F OUTPUT
        iptables -F -t nat

        iptables -A INPUT -p icmp -j ACCEPT
        iptables -A OUTPUT -p icmp -j ACCEPT

        iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

        iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

        iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
        iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

        iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 77.70.5.130

        iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
        iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

        iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
        iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
        iptables -A FORWARD -i eth0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT

        modprobe ip_gre
        modprobe ip_nat_pptp
        modprobe ip_conntrack_pptp
        iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
        iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP

        echo 1 > /proc/sys/net/ipv4/tcp_syncookies
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
        echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
        echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
        echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
        echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
        echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

Linux:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.1 P-t-P:192.168.0.100 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:4083 (3.9 KiB) TX bytes:160 (160.0 b)

root@router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.100   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
77.70.5.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         77.70.5.1       0.0.0.0         UG    0      0        0 eth0
root@router:~#

Windows:

PPP adapter d3v1ous.info VPN Server:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : d3v1ous.info VPN Server
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       77.70.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\>ping abv.bg

Pinging abv.bg [194.153.145.104] with 32 bytes of data:

Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
Reply from 194.153.145.104: bytes=32 time=4ms TTL=59

Ping statistics for 194.153.145.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms

C:\>ping d3v1ous.info

Pinging d3v1ous.info [77.70.5.130] with 32 bytes of data:

Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
Reply from 77.70.5.130: bytes=32 time=2ms TTL=59

Ping statistics for 77.70.5.130:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

C:\>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms

C:\>ftp d3v1ous.info
Connected to d3v1ous.info.
220 77.70.5.130 FTP server ready
User (d3v1ous.info:(none)): ^C
C:\>
C:\>ftp 192.168.0.1
Connected to 192.168.0.1.
Connection closed by remote host.

C:\>

Linux:
root@router:~# netstat -ntap | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     4957/inetd
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
  
-- 
Danail Petrov
Senior Network Administrator
Evolink, Sofia
+359(2)9691650
www.evolink.com
icq uin 989677
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg


_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg