Networking :: Iptables And PPTP VPN Filtering?
May 4, 2011
I have a question regarding the use of iptables as sort of a firewall, I suppose. I am using a Linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic so that it can only access one IP. The server is on the LAN with an IP of, let's say, 192.168.1.25, and the VPN-assigned IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections so that it can only reach the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN, and especially not to the WAN.
Jan 26, 2010
Does anyone have tips about iptables rules for filtering network traffic?
Jan 14, 2011
Is this possible? Two Linux boxes will act as an Internet firewall + filtering:
1st PC = CentOS 5.5, functions as a firewall using iptables, with two NICs: eth0 connected to the Internet with a public IP, and eth1 with IP address 10.0.0.1 connected to the 2nd PC (CentOS 5.5 with Squid/DansGuardian, IP address 10.0.0.2).
2nd PC = CentOS 5.5, functions as Squid + DansGuardian Internet filtering, with two NICs: eth0 with IP address 10.0.0.2 connected to eth1 of the 1st PC (IP address 10.0.0.1), and eth1 connected to the LAN (172.16.1.0/24).
Does this make sense? This might be confusing, but I just want to try this, to protect against incoming SSH from our previous sysadmins who intended to enter the 172.16.1.0/24 LAN, and also to confuse them so that they have to pass through 10.0.0.1-2.
Jan 24, 2010
I'm running my own PPTP server, but I can't get it to access the internet. All my PCs at home run in the 192.168.0.0/24 net; the PPTP server has local IP 192.168.0.5 and remote IPs 192.168.0.80-99. The router to the internet is at 192.168.0.1, and the IP of eth0 on the machine where pptpd runs is 192.168.0.4. I want to be able to connect to the internet through that VPN and access my local LAN servers (which works fine so far). I can ping internet and local IPs successfully, but cannot access them with a browser, or connect to them in any other way. I have 'accepted' all input/output and forwards.
I am running a Squid proxy on the same machine, and if I do:
iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 80 --to-port 3128
I can access the internet through Squid, but of course Jabber/ICQ etc. won't work then because it only refers to port 80. But I want the PPTP clients to connect to the internet directly; if I don't use that rule it's not possible to load any pages. Pinging works all the time. DNS is also working fine, but I can't even access web pages via IP directly. How can I allow the PPTP IPs 192.168.0.80-99 to get direct access to the internet with iptables?
Feb 18, 2010
I have Slackware 13.0 on my HP 520 laptop. My machine is connected to the internet and it also acts as a gateway for another machine of mine.
I want to use the MAC filtering options of iptables, but I am getting the following error:
iptables v1.4.3.2: Couldn't load match `ac-source':/usr/libexec/xtables/libipt_ac-source.so: cannot open shared object file: No such file or directory
Jul 2, 2011
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
Mar 12, 2011
I have several CS servers running on Ubuntu Server, and sometimes someone tries to brute-force a server's RCON password with the program called HLBrute. I've found the following rules to prevent such attacks, but they don't work. What can be wrong in these rules?
Quote:
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -m limit --limit 1/hour --limit-burst 5 -j LOG --log-prefix " HLBrute_Ataka "
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -j DROP
Jan 7, 2011
I am trying to connect to a PPTP VPN at work, and I cannot accomplish that. Both server and client are using Ubuntu 10.10.
Code:
Jan 7 11:32:26 multicore-dev03 NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
[code]....
Mar 13, 2010
I have a VPN server (pptpd) on CentOS 5.3.
eth0: 62.2.2.x (public on the internet)
GW: 62.2.2.1 (Cisco router)
I want to configure my pptpd server to allow users to access the internet with their own public IPs from the ranges 62.2.3.0, 62.2.4.0 and 62.2.5.0.
Every time I configure my server, all users get their IPs, but they only go out with my server's IP, like NAT rather than routing.
Can you show me the proper configuration to make my users connect with a public IP and have internet access, and use a specific DNS (I did this, but some users cannot browse by DNS)?
Is there any way to specify an expiry date for each pptp user?
Sep 17, 2009
I'm trying to connect to a Microsoft ISA PPTP server from my Linux box. The box I'm connecting from is itself a router. I have no problem connecting a Windows XP machine to the VPN via this machine. This is fine, but I would rather connect via the Linux machine, giving me far more advanced routing options (i.e. not sending every packet from the XP box completely unnecessarily via the PPTP tunnel). The Linux router is running Debian Lenny.
I've checked iptables. There were initially some issues. I've fixed those.
Invoking pppd from the console, I can see that authentication succeeds, but then some negotiation goes wrong and the server terminates the connection. Here's the output from pppd, with the more sensitive stuff removed:
Code:
<hostname>:~# pppd call <peer> nodetach debug
using channel 19
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xe3e45f75> <pcomp> <accomp>]
code....
Apr 30, 2010
I pay for wifi usage. The access points are using MAC address filtering. I know this because I can spoof the MAC of another computer of mine and get it online. I'd like to get both computers online. I've been trying to do IP masquerading. It hasn't been working so far. I am not sure if the computer connected to mine through a crossover cable is revealing its MAC address to the access points when communicating. If so, how does one get around this? ping shows connectivity between the two computers.
Aug 19, 2010
I am using IWSS on RHEL-5 for web filtering and want to use a Squid proxy on the same system. Can I configure Squid behind IWSS?
Jun 9, 2011
I am trying to block inappropriate sites on my Ubuntu 11.04 with OpenDNS. I installed it and, in addition to the categories I checked, I also added some sites to the always-block list; according to the site, everything should work. But the problem is that nothing is blocked (not even the sites in the always-block list). I cleared the browser's cache but it didn't help. When I try to clear the local cache with the command provided on their site, I think it says it ignored my network.
About Firefox: I want to block images only on Facebook automatically, so I added [URL] to the always-block list in the images category and it should work, but it just won't block the images. I should note that I use the same method on Chrome and there it works like a charm. How do I get that working on Firefox?
Feb 8, 2010
I am manually capturing and injecting Ethernet traffic (using the libnet/libpcap libraries) for an application. At the moment, both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic I inject is captured again by my application, causing an unwanted feedback loop of injected traffic. This meant I had to implement traffic filtering when capturing, which consumes resources and will eventually become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that presented the same problem, as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through one physical device; using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that sits between the physical device and the TUN/TAP devices to do the routing of traffic.
Jul 29, 2010
I work at a cybercafe and I am currently plagued by users who, despite the warning not to, continue to watch porn and use P2P software on my connection. I have done some preliminary research on how to filter the web content as well as reduce the bandwidth used by P2P software on my network. I found that a solution that has worked for many with regard to web content control is DansGuardian + Squid or Privoxy in conjunction with a firewall like FireHOL or something of the sort. Others use an OS like Untangle or ClearOS and install it on a stand-alone server. Then others use OpenDNS. Although I would like the OpenDNS solution, I will need to install a DNS client, ddclient, and I am a Linux newbie; ddclient requires some compiling or so, and I'm not yet into that. I am also currently not in the mood to dabble in Untangle or ClearOS because it will cost me a lot to download the ISOs. Internet access is costly over here.
Before I go ahead to implement the steps in any of the tutorials I have seen, I am wondering if such a measure will even help at all. You see, at my cafe, I use my server to share the connection to all my clients. I connect to the internet using a GSM modem. Then I have two NICs. nic1 is set to share my connection and my router connects to that nic1. nic2 connects to my router using a static IP to enable communication with my clients. If I implement something like DansGuardian on my server, will it solve the problem for me? That is, do I also have to re-implement the steps I took to configure DansGuardian on all the other PCs, that is, my clients?
Oct 6, 2010
My network is:
ISP --> SonicWALL--> Proxy --> LAN
Currently the SonicWALL is running VPN, DHCP, port forwarding etc. in the range 10.0.0.0/24, and I have tried to configure a Squid proxy for content filtering (using Squid 3 in transparent mode on Fedora 10 with iptables). Now I need to implement the proxy on my network without changing the SonicWALL's current settings (VPN, port forwarding and DHCP).
Jan 21, 2010
I'm trying to shape bandwidth using the HTB method and filtering classes by destination MAC address. For this I've found two pieces of code, but neither of them seems to filter bandwidth as I want (tested with iperf).
Code 1:
Code:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF
code....
Jun 16, 2010
This question is a little complex, but here goes. At a central HQ I have a Windows Server 2008 R2 machine running Routing and Remote Access. At my home office I have a class C LAN with a Fedora 13 machine. I can get Fedora 13 to connect using PPTP, no problem. I have my router running Tomato set to redirect all traffic for the 10.0.0.0 network to my Linux server. My question is, how do I make the Fedora 13 machine pass all the traffic from my network with destination 10.0.0.0 over the VPN tunnel? So, for instance, if I ping anything in 10.x.x.x from any machine on my network, it will find it and reply?
Oct 15, 2010
Trying to connect to my office as a PPTP client, I have setup my PPTP connection in Ubuntu 10.04, and the connection is active, as I can see from the top bar, and the output of ifconfig:
Code:
eth0 Link encap:Ethernet HWaddr 00:18:8b:b7:a3:ef
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:18
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:580 (580.0 B) TX bytes:580 (580.0 B)
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.166 P-t-P:192.168.0.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:108 (108.0 B) TX bytes:96 (96.0 B)
wlan0 Link encap: Ethernet HWaddr 00:19:d2:7a:96:e5
inet addr:192.168.1.107 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::219:d2ff:fe7a:96e5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8525 errors:0 dropped:0 overruns:0 frame:0
TX packets:8496 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5799296 (5.7 MB) TX bytes:1408867 (1.4 MB)
Now I want to access the folder named ABC on the remote PC with IP address of 192.168.0.12, with username USER1 and password PASS1.
Oct 25, 2010
I'm trying to connect to [URL] but it will not work no matter what settings. I have ticked MPPE, configured gateway, username, MSCHAP and MSCHAPv2 are ticked, using 128-bit encryption. I have tried to forward port 1723 and 1127 in my router, I have also ticked "enable PPTP PassThrough" in the router. I cannot telnet to vpn.itshidden.com. This is on Ubuntu Lucid. These are my logs from an unsuccessful connection attempt:
[Code]....
Jan 18, 2011
I am having trouble connecting back to my VPN at work while I'm at home. I mainly need to get to our local SVN repos for at-home development. I successfully connected to the VPN following this [URL]. I am running Lucid Lynx 64-bit and I followed the 9.10 section of the tutorial on setting up a PPTP connection.
It worked fine. Then I walked away from my computer and it was disconnected when I came back 2 hours later. I was unable to connect back to it. I used my laptop, which is running Windows 7, and it connected just fine. So now I am unable to connect to it and have no idea why. I viewed my system log and don't know what to do with the information. Could someone help me out on this?
Jan 18 18:51:43 david-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Jan 18 18:51:43 david-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 5532
Jan 18 18:51:43 david-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
[Code]...
Apr 25, 2011
Ubuntu 10.04. I have tried every single combination of fields in the Advanced options area when setting up the VPN.
Code:
Apr 25 02:48:10 John NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Apr 25 02:48:10 John NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 12263
Apr 25 02:48:10 John NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
Apr 25 02:48:10 John NetworkManager: <info> VPN plugin state changed: 1
Apr 25 02:48:10 John NetworkManager: <info> VPN plugin state changed: 3
[Code].......
Apr 11, 2011
I just installed Ubuntu 9.10, but there isn't a PPTP VPN option in Network Manager. How can I install its packages? I don't have any internet access on my Linux machine, because the only way for me to connect to the internet is the PPTP VPN.
Mar 21, 2011
I have a dial-up internet connection created with pppconfig, which I connect to the internet with on my Ubuntu 10.10 platform using
Code:
#pon connection_name
and it creates a connection for me over ppp0. I want to use a PPTP VPN, so I used this command
[Code].....
Jul 16, 2011
I can't get the CentOS version of pptpd to work. I have a Debian 6 one with the exact same setup that does work. The required port is open according to various external port-checking websites. It's giving me random errors when trying to connect, including 800, 809 and 619. This is what I did so far:
Step 1. Installing pptpd. pptpd is the daemon that runs the PPTP server.
To install this:
Step 2. Next you will need to modify pptpd.conf:
Step 3. The VPN server is now configured, and now you must set up authenticated users:
Step 4. When pptpd was installed it started automatically so we will need to restart it to apply the changes:
Now, if you would like to add internet access over this VPN, you can do this:
And find the line for IPv4 forwarding and make sure it is set to 1:
Then use iptables to get the net forwarded:
Jul 13, 2009
Just moved over from the dark side (Vista) and was wondering how I can get two (or more) PPTP VPNs connected at any given time. I usually attempt to multitask (although swambo says I can't) and work on various clients' servers at the same time. The GUI network manager thingy only allows me to dial up one VPN at a time. Is there perhaps a CLI version, and if so, where would I go to get a tutorial on this please? BTW, running F11 32-bit. Tried Debian and Ubuntu as well and found F11 to be blindingly fast on my dual-core Toshiba laptop. Pity I can't see the additional 1Gb of RAM though (4Gb in total).
Dec 5, 2009
I've followed the information on fedoraguide.info for configuring PPTP, but I'm still unable to connect to my Windows VPN.
This is what I'm getting in /var/log/messages code...
May 8, 2010
I've got a Fedora Core PPTP server up and running but can't connect to it using VPN. I'm using NetworkManager, but the connection fails each time. On the server, I'm seeing the following in /var/log/messages:
Quote:
May 8 16:37:05 li99-23 pppd[2113]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
May 8 16:37:05 li99-23 pptpd[2112]: GRE: read(fd=6,buffer=8059780,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
[Code].....
I've checked that the names and passwords all match, which they do. Has anybody seen this before?
Mar 12, 2010
I set up a PPTP VPN connection in Ubuntu 9.10 (x86_64) using NetworkManager. After enabling the VPN connection, I can browse web pages (it's perfect), but after a while the VPN connection is terminated! The following is my syslog after connecting and terminating:
Code:
Mar 12 22:10:10 amir-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Mar 12 22:10:10 amir-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 2204
[Code]....
Sep 7, 2010
Having problems connecting to a work VPN server. syslog output pasted here:
Code:
Sep 7 22:45:31 localhost NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Sep 7 22:45:31 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 1771
Sep 7 22:45:31 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
[Code]...