Networking :: IPtables - Allow PPTP Server To Access Internet
Jan 24, 2010
I'm running an own PPTP Server, but I can't get it to access the internet. All my PCs at home run in the 192.168.0.0/24 net, the PPTP Server has local IP192.168.0.5 and remote IP 192.168.0.80-99. The router to the internet is at 192.168.0.1, and the IP of eth0 on the machine where the pptpd runs is 192.168.0.4. I want to be able to connect to the internet trough that VPN and access my local LAN servers (which works fine so far). I can ping internet and local IPs successfully, but can not access them with a browser, or connect to them in any other way. I have 'accepted' all in/output and forwards.
I am running a Squid proxy on the same machine, and if I do:
iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 80 --to-port 3128
I can access the internet through Squid, but of course Jabber/ICQ etc. Won't work then because it just refers port 80. But I want the PPTP Clients to connect to the internet directly, if I don't use that rule it's not possible to load any pages. But pinging works all the time. DNS is also working fine, but I can't even access webpages via IP directly. How can I allow the PPTP IPs 192.168.0.80-99 to get direct access to the Internet with Iptables?
View 3 Replies
ADVERTISEMENT
Jan 7, 2011
I have started a newly started a VPN-service with some friends and are offering both OpenVPN and PPTP-vpn.The OpenVPN works perfectly, but we have some problem with the PPTP.It is possible to connect to the VPN, but once connected you can't get any type of access to the outside world ( the interner ).I've googled (Ok, not I, but the tech-guy has) and havn't found any solution so therefor we try here.We are running Debian 5.0 on a XEN VPS.On the machines we've tested OpenVPN works like a charm.
View 12 Replies
View Related
Apr 16, 2010
I'm trying to use a vpn server which uses pptp. I've set up pptp as per the Debian Howto and it seems to be working, but I'm not actually acessing the net via the server.Not sure what info would be useful but here are route -n and ifconfig.Can anyone suggest what is wrong here, and how to test if the vpn link is actually working?
View 6 Replies
View Related
Oct 20, 2010
LinuxA & LinuxB
linuxA:eth0(10.1.1.1) connected linuxB:eth0 (10.1.1.2)
linuxA:eth1(202.1.20.45) connected internet
[code]....
View 2 Replies
View Related
Sep 17, 2009
I'm trying to connect to a Microsoft ISA PPTP server from my Linux box. The box I'm connecting from is itself a router. I have no problem connecting a Windows XP machine to the VPN via this machine. This is fine, but I would rather connect via the Linux machine, giving me far more advanced routing options (i.e. no to send every packet from the XP box completely unnecessarily via the PPTP tunnel). The Linux router is running Debian Lenny.
I've checked iptables. There were initially some issues. I've fixed those.
Invoking pppd from the console, I can see that authentication succeeds, but then some negotiation goes wrong and the server terminates the connection. Here's the output from pppd, with the more sensitive stuff removed:
Code:
<hostname>:~# pppd call <peer> nodetach debug
using channel 19
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xe3e45f75> <pcomp> <accomp>]
code....
View 1 Replies
View Related
May 4, 2011
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of lets say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
View 1 Replies
View Related
Mar 31, 2010
Basically, I have a windows 2003 server virtual machine (vmware) inside Ubuntu 9.10.
The Ubuntu machine has IFconfig:
Code: sam@sam-laptop:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:15:c5:b8:c8:8b
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17
Why can't I ping or simply access the internal server on my ubuntu machine from a another computer on the 192.168.1.0 (slash)25 physical network? Do I need a bridge? Iptables?
View 4 Replies
View Related
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
View 2 Replies
View Related
Jun 14, 2010
i have the following ip assignments
fedora (iptables)
eth0 -private :192.168.1.1
eth1 -public : 186.117.50.6
squid proxy
192.168.1.10:3128
my clients range
192.168.2.0/24
how can i make my clients to browse internet only from proxy server my network is NAT 'ed. Please specify a iptable rule to allow internet access for my clients to browse ONLY if they come through proxy server.
View 1 Replies
View Related
Feb 21, 2011
everything works fine, clients can connect to the vpn server with no problems and they can ping local machines! but no internet access through the vpn connection unless i uncheck the default gateway option on my client machine which is not what i want. I want my clients to get my server's ip address. my server is behind a router (router's ip : 192.168.0.1 | server's local ip: 192.168.0.100) so i used localip 192.168.0.100 & remoteip 192.168.0.234-238 in pptpd.conf. it think there is something wrong with routing or firewall rules, because it seems that the DNS resolution works .. when i try to browse a website my browser says "Waiting for xxxxx.com..." and it stays on that stage forever ! the funny part is that google.com works fine (don't know how).
p.s :
* I have already opened the port in on my router. I even tried it locally to make sure that the router is not the problem here. * already added ms-dns 208.67.222.222 / ms-dns 208.67.220.220 to pptpd-options. (found another guide that suggested to do this, before adding these two lines even dns resolution was not working.)
View 1 Replies
View Related
Oct 6, 2009
I am a newcommer to Centos. I should connect to internet via a pptp vpn connection. I created the connection in "network connections". In other distrows I could connect to created pptp vpn connection simply by clicking on network-manager-applet and selecting the connection, but there is no network-manager-applet in Centos. Is there any way to connect to the vpn connection I created or I should go to do it by manually editing config files?
View 3 Replies
View Related
Jun 11, 2011
I've setup a PPTP server on my ubuntu 11.04. PPTP settings seem to be OK and I can connect to my machine from a Windows PPTP client. But then I dont have access to Internet from my Windows machine. Authentication is successful and I can see GRE traffic to my PPTP interface on my Ubuntu, but I can't reach any host (including Internet) after my Ubuntu machine. I suspect this is a routing or NATing issue.
View 1 Replies
View Related
Sep 24, 2010
i have installed Linux i.e ubuntu 10.04 on my PC in which i have installed pptp client and able to connect it successfully but problem is that it unable to browse internet. in windows it works fine.
View 1 Replies
View Related
Jun 20, 2010
I'm looking for a way to tunnel the internet connection of my Ubuntu VPN server to the remote client.The server is running Ubuntu Server 9.04 64-bit, and has a fully functional installation of Poptop and Squid. Is there a way I can get internet requests from the VPN client to tunnel over the VPN and be connected through Squid? I'd think this would be a iptables thing, but I'm not sure.
View 5 Replies
View Related
Aug 26, 2010
I have a linux box (fedora) with two ethernet cards eth1 and eth2. On eth1 I successfully configured a PPPOE internet connection. Such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured dhcp, such that the Linux box is both PPPOE and DHCP server.However my clients on the LAN cannot access the Internet.
On passing the routing command I get
Destination Gateway Iface
196.44.x.y 0.0.0.0 ppp0
192.168.1.0 0.0.0.0 eth2 (my subnet)
0.0.0.0 0.0.0.0 ppp0.
The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?
View 3 Replies
View Related
Jan 7, 2011
I am trying to connect to a PPTP VPN at work, and I cannot accomplish that. Both server and client are using Ubuntu 10.10.
Code:
Jan 7 11:32:26 multicore-dev03 NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
[code]....
View 9 Replies
View Related
Mar 13, 2010
i have a VPN server PPTPD on Centos 5.3
eth0: 62.2.2.x (public on the internet)
GW: 62.2.2.1 (cisco router)
i want to configure my ppptp server to allow users access internet with their own public ips of class 62.2.3.0 62.2.4.0 62.2.5.0
every time i configure my server all users can get thier IPs but they only go out with my server IP same as NAT not routing.
can you show me the proper configuration to make my users connect with public IP and have internet access. use specific DNS ( i did this but some users can not brows by DNS)
is there any way to specify an expired date for each pptp user.
View 1 Replies
View Related
Feb 6, 2010
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
View 7 Replies
View Related
Jun 19, 2011
I have a server that was set up by a friend so I have a location to save all my documents for work in a RAID array.
It is on a static IP address, I can ping the hub and other computers on the network absolutely fine.
I can't connect to the internet, the router in question is a Netgear CG3101D. Logging into the router I can see that the server is a trusted device and in all the parameters are the same as other computer running Ubuntu Studio.
Does anyone have any tips of how I can find out how to find what is wrong?
It is Ubuntu 10.04.2 LTS (Lucid).
View 3 Replies
View Related
Jan 15, 2011
I have install centos 5 in my dell laptop, now i want to configure and run wifi to access internet through wireless.
View 5 Replies
View Related
Jan 2, 2011
I'm setting up an old box as a dedicated file-sharing server on the LAN as well as an internet web server for my personal web site but I have no network connection. My computer is connected to a router which is connected to my DSL modem. The router has the Ubuntu box's MAC address as well as a Win7 box, which connects to the internet fine.
Here is what I've tried:
1. Check routing table
Code:
2. Try to add a default gateway to the internet on eth2, this happens:
Code:
3. I edited resolv.conf, which was empty, adding:
4. I edited /etc/network/interfaces as follows:
Code:
Then I type the following:
Code:
And it keeps doing this endlessly because it's not finding the DHCP server, presumably...? This didn't solve the problem and so I attempted another configuration:
Code:
Still, not internet connection and no ability to apt-get anything (says packages not found)
So, this didn't work either. What I've tried should work, especially the route command. Now why won't it work?
View 13 Replies
View Related
Oct 27, 2010
I've searched the forums (250 thread limit) for a fix on this, but all the questions seem unanswered or unrelated. My situation is this: I'm running Ubuntu x64 10.10 'Maverick'. I have a cablemodem connection for my Internet access. I have home network running on DD-WRT with the dreadful Linksys WRT54G series router.
My DD-WRT router is 192.168.1.1, subnet 255.255.255.0.
My Linux box is 192.168.1.61, subnet 255.255.255.0.
I have a VyprVPN connection set up successfully on Linux. Mostly everything works great, speed's fine, latency is what I expect it to be. Except... I also run an SSH server to remotely admin the box at port 22, an Apache server running over SSL at port 7001, and a Transmission web client at port 7002 (only secured by basic HTTP realms auth). All of these things worked before I got the VPN working, I'm of course using NAT at the DD-WRT router.
The endresult I am looking for, is to have the security and protection of the VPN (even if it's only perceived) for everything I do on this machine -- EXCEPT on Apache, the Transmission web panel, and the SSH server, which I want to access from the outside world. I have no firewalls running or configured, not even iptables, not even the SPI firewall on DD-WRT. All connections to the aforementioned services from the outside world timeout coming in to the Linux box. They all work from inside my home network (182.168.1.0/24). In case it's needed, he's my routing:
[Code]....
View 2 Replies
View Related
Jan 7, 2010
i have successfully setup PPTPD on my server and I can open a VPN tunnel but my clients can only ping the server's IP, they don't have access to the internet through the VPN.
i have searched different forums and understand that I have to create a route on the server to route packets between the VPN interface and my internet gateway, but I didn't manage to get this work.
here is what my setup looks like:
Code:
root@r31495:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1c:c0:c7:13:35
inet addr:94.23.197.XX Bcast:94.23.197.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
View 9 Replies
View Related
Jan 17, 2009
I've installed centos 5 on an old computer with success and it works great.I can access the web server hosted on the centos server from any computer on the wireless and wired local network. I can also use ssh (putty) and nx client from any computer on the local network (wired and wireless) to access the centos server.On the wireless router I've configured a port forwarding to the wireless network interface on the centos server. I can access the centos server from the outside (internet) through this port forwarding both through http and ssh or nx client.MY problem is that I can't access the centos server from the internet through the wired network interface. Any attempt to view a web page or login with ssh or the nx client will timeout.
View 9 Replies
View Related
May 14, 2010
I have a local network of two computers running ubuntu connected via a Netgear FR114P. I also have one of the computers connected WiFi to the internet. Can I get on the internet from the alternate computer via the network? Some assistance is appreciated as I am a relative newcomer to this area.
View 2 Replies
View Related
Jan 16, 2011
i would like to setup one of my old pcs as a file server and internet gateway; we are living in a large building shared with 40 others. the ubuntu box would be the one connected to the internet via ethernet and sharing connexion via wifi. i haven't started yet - presently, i am doing the ground work and reading before to start i understand sharing the internet is relatively simple and can be done from the GUI
What we would like is slightly like BT Fon or BT Open Zone in the UK: you can hook on a free network but in order to access outside (internet: email, web, ftp, etc) you need to login login would help us monitor fair usage. I imagine something with username and password for each user would do: as we are a few in the same building not everyone is actually paying for the connection and we don't want to end up with rather large excess bills. So the ones who are paying access both files and internet; those who dont just have access to the files on the local server.
Do i need Ubuntu server to set this up? What hardware would be ideal - given we are all far from rich but willing to have a nice setup
It would be great if you could share some knowledge around the topic and eventually provide some tutorial; also any heads-up on the hardware side would be great! (signal booster, etc - there's 3 floors and 3 buildings)
View 1 Replies
View Related
May 8, 2010
I've got a FC PPTP server up and running but can't connect to it using VPN. I'm using NetworkManager but the connection fails each time. On the server, I'm seeing the following in the /var/log/messages:
Quote:
May 8 16:37:05 li99-23 pppd[2113]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
May 8 16:37:05 li99-23 pptpd[2112]: GRE: read(fd=6,buffer=8059780,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
[Code].....
Ive checked that the name,passwords all match, which they do. Has anybody seen this before ?
View 1 Replies
View Related
Dec 30, 2010
I'm trying to get a pptp server up and running. The server starts just fine, but encounters errors when a client tries to connect.
Code:
CTRL: I wrote 32 bytes to the client.
Dec 29 23:27:48 frankenstein pptpd[9402]: CTRL: Sent packet to client
Dec 29 23:27:48 frankenstein pptpd[9403]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
[code]....
I assume the failed read line is the culprit. I am currently running on a test machine. There is no firewall. I read on this error points to a firewall misconfiguration, but there isn't one.
View 1 Replies
View Related
May 9, 2010
Tried to install pptp vpn server via webmin, and I tried connecting remotely from my laptop, but it keeps failing on the verify username and password - I get a error 778 it was not possible to verify the identity of the server. Not sure what could be wrong with the config..
View 1 Replies
View Related
Jun 24, 2011
Running Ubuntu 11.04 Server 32bit fresh install
I did this walk-through trying both iptables and ufw
I am able to connect to my VPN server using both windows 7 and Ubuntu desktop just fine, and using wireshark verify that all packets are being compressed and sent through the VPN tunnel.
Many sites work but there are several that will not load while using the VPN, one of them is ubuntu forums also sourceforge.
I can ping the servers while connected but the websites just will not load, and time out. The second I disconnect from the VPN they load instantly.
View 1 Replies
View Related
