Client's connection to internet


Client's connection to internet

by Eric-304

Hi,
There is a pptp server installed on a pc in a LAN. Client can ping the server but can't connect to the internet.
The content of /var/log/messages:

Jun  6 20:53:46 localhost pptpd[10961]: CTRL: Client 192.168.201.60 control connection finished
Jun  6 21:25:25 localhost pptpd[11221]: CTRL: Client 192.168.201.60 control connection started
Jun  6 21:25:25 localhost pptpd[11221]: CTRL: Starting call (launching pppd, opening GRE)
Jun  6 21:25:25 localhost pppd[11222]: Plugin radius.so loaded.
Jun  6 21:25:25 localhost pppd[11222]: RADIUS plugin initialized.
Jun  6 21:25:25 localhost pppd[11222]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jun  6 21:25:25 localhost pppd[11222]: pppd 2.4.4 started by root, uid 0
Jun  6 21:25:25 localhost pppd[11222]: Using interface ppp0
Jun  6 21:25:25 localhost pppd[11222]: Connect: ppp0 <--> /dev/pts/5
Jun  6 21:25:28 localhost pptpd[11221]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jun  6 21:25:28 localhost pppd[11222]: rc_avpair_gen: received unknown attribute 85 of length 4: 0x0000012C
Jun  6 21:25:28 localhost pppd[11222]: PAP peer authentication succeeded for hadad
Jun  6 21:25:28 localhost pppd[11222]: Cannot determine ethernet address for proxy ARP
Jun  6 21:25:28 localhost pppd[11222]: local  IP address 10.10.10.2
Jun  6 21:25:28 localhost pppd[11222]: remote IP address 10.10.1.10
Jun  6 21:26:07 localhost pppd[11222]: LCP terminated by peer (^VM-^JkM-N^@<M-Mt^@^@^@^@)
Jun  6 21:26:07 localhost pppd[11222]: rc_avpair_new: unknown attribute 48
Jun  6 21:26:07 localhost pppd[11222]: rc_avpair_new: unknown attribute 47
Jun  6 21:26:07 localhost pppd[11222]: Connect time 0.7 minutes.
Jun  6 21:26:07 localhost pppd[11222]: Sent 0 bytes, received 2996 bytes.
Jun  6 21:26:07 localhost pppd[11222]: Modem hangup
Jun  6 21:26:07 localhost pppd[11222]: Connection terminated.
Jun  6 21:26:07 localhost pppd[11222]: Exit.

I created a file for iptables rules with these lines:
#!/bin/sh
# Flush all rules
iptables -F
iptables -X
iptables -Z
# Allow all VPN stuff
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -s 10.10.1.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

but clients can't connect to the internet.

------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Poptop-server mailing list
Poptop-server@...
https://lists.sourceforge.net/lists/listinfo/poptop-server

Re: Client's connection to internet

by bruno@openline.com.br

--- Eric <bbahar3@...> wrote:
> There is a pptp server installed on a pc in a LAN. Client can ping
> the server but can't connect to the internet.

Is IP_FORWARDING turned on?

Cheers
!3runo
from Brazil



Re: Client's connection to internet

by Eric-304

Yes. In /etc/sysctl.conf: net.ipv4.ip_forward = 1

On Sat, Jun 6, 2009 at 7:57 PM, Bruno@... <Bruno@...> wrote:
--- Eric <bbahar3@...> wrote:
> There is a pptp server installed on a pc in a LAN. Client can ping
> the server but can't connect to the internet.

Is IP_FORWARDING turned on?

Cheers
!3runo
from Brazil



Re: Client's connection to internet

by bruno@openline.com.br

--- Eric <bbahar3@...> wrote:
> Yes. In /etc/sysctl.conf: net.ipv4.ip_forward = 1
>
> > > There is a pptp server installed on a pc in a LAN. Client can ping
> > > the server but can't connect to the internet.
> >
> > Is IP_FORWARDING turned on?

Ok. Please run tcpdump -i ppp0, and tcpdump -i eth0 in another
window, try a ping from the client to any internet host,
and check whether the packets arrive (on ppp0) and are
really being NATted (on eth0).

Cheers
!3runo
from Brazil



Re: Client's connection to internet

by Eric-304

Note: this LAN uses a proxy server, therefore the VPN server and client have a proxy for connecting to the internet.
Should it be considered in the iptables settings?

VPN server eth0 IP: 192.168.201.7
VPN client eth0 IP: 192.168.201.60
VPN server ppp0 IP: 10.10.10.2
VPN client ppp0 IP: 10.10.1.10
Should I set ms-wins?
When I set ms-wins 192.168.201.7

#tcpdump -i ppp0:

21:26:02.574494 IP localhost.localdomain > 10.10.1.10: ICMP localhost.localdomain udp port netbios-ns unreachable, length 104
21:26:04.080615 IP 10.10.1.10.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
21:26:04.830676 IP 10.10.1.10.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
21:26:05.580774 IP 10.10.1.10.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
21:26:06.330855 IP 10.10.1.10.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
21:26:07.081035 IP localhost.localdomain > 10.10.1.10: ICMP localhost.localdomain udp port netbio

and
#tcpdump -i eth0

IP 192.168.201.60 > localhost.localdomain: GREv1, call 384, seq 12, length 109: IP 10.10.1.10.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
IP localhost.localdomain.32838 > ns.domain:  29264+ PTR? 60.201.168.192.in-addr.arpa. (45)
IP localhost.localdomain > 192.168.201.60: GREv1, call 18899, ack 12, no-payload, length 12
IP ns.domain > localhost.localdomain.32838:  29264 NXDomain 0/1/0 (122)
IP localhost.localdomain.32838 > ns.domain:  34037+ PTR? 255.255.255.255.in-addr.arpa. (46)
IP ns.domain > localhost.localdomain.32838:  34037 NXDomain* 0/1/0 (96)
IP localhost.localdomain.32838 > ns.domain:  15104+ PTR? 10.1.10.10.in-addr.arpa. (41)




On Sun, Jun 7, 2009 at 6:49 PM, Bruno@... <Bruno@...> wrote:
--- Eric <bbahar3@...> wrote:
> Yes. In /etc/sysctl.conf: net.ipv4.ip_forward = 1
>
> > > There is a pptp server installed on a pc in a LAN. Client can ping
> > > the server but can't connect to the internet.
> >
> > Is IP_FORWARDING turned on?

Ok. Please run tcpdump -i ppp0, and tcpdump -i eth0 in another
window, try a ping from the client to any internet host,
and check whether the packets arrive (on ppp0) and are
really being NATted (on eth0).

Cheers
!3runo
from Brazil



Re: Client's connection to internet

by Eric-304

I think my problem is the proxy. How can I use iptables to send VPN client traffic to the proxy?
My VPN clients and server couldn't connect to the internet without the proxy.



On Mon, Jun 8, 2009 at 10:27 AM, Eric <bbahar3@...> wrote:
Note: this LAN uses a proxy server, therefore the VPN server and client have a proxy for connecting to the internet.
Should it be considered in the iptables settings?

VPN server eth0 IP: 192.168.201.7
VPN client eth0 IP: 192.168.201.60
VPN server ppp0 IP: 10.10.10.2
VPN client ppp0 IP: 10.10.1.10
Should I set ms-wins?
When I set ms-wins 192.168.201.7




Re: Client's connection to internet

by Per Qvindesland-2

Hi

Apologies, I have not been following the thread so I may be jumping to conclusions here.

But when you say iptables and proxy would this script perhaps do the job?


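#!/bin/sh
# TCP Proxy using IPTables

IPTABLES=/sbin/iptables

# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

# Flush nat table
$IPTABLES -t nat -F

# tcpproxy LOCAL_IP LOCAL_PORT REMOTE_IP REMOTE_PORT
# POSIX function syntax is used because the "function" keyword
# is not available in every /bin/sh (dash, for example).
tcpproxy() {
    # Forwarded traffic addressed to LOCAL_IP:LOCAL_PORT goes to REMOTE_IP:REMOTE_PORT
    $IPTABLES -t nat -A PREROUTING --dst "$1" -p tcp --dport "$2" -j DNAT --to-destination "$3:$4"
    # Rewrite the source so the remote host replies through this machine
    $IPTABLES -t nat -A POSTROUTING --dst "$3" -p tcp --dport "$4" -j SNAT --to-source "$1"
    # Same redirection for connections that originate on this machine
    $IPTABLES -t nat -A OUTPUT --dst "$1" -p tcp --dport "$2" -j DNAT --to-destination "$3:$4"
}

# Example 1
tcpproxy 192.168.40.244 3200 10.10.10.2 3200

# Example 2
tcpproxy 192.168.40.245 3200 192.168.1.30 3200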

Per

E-mail: per@...
http://www.linkedin.com/in/perqvindesland
--- Original message follows ---
Subject: Re: [Poptop-server] Client's connection to internet
From:  Eric <bbahar3@...>
To: "poptop-server@..." <poptop-server@...>
Date: 09-06-2009 12:16


I think my problem is the proxy. How can I use iptables to send VPN client traffic to the proxy?
My VPN clients and server couldn't connect to the internet without the proxy.



On Mon, Jun 8, 2009 at 10:27 AM, Eric <bbahar3@...> wrote:
Note: this LAN uses a proxy server, therefore the VPN server and client have a proxy for connecting to the internet.
Should it be considered in the iptables settings?

VPN server eth0 IP: 192.168.201.7
VPN client eth0 IP: 192.168.201.60
VPN server ppp0 IP: 10.10.10.2
VPN client ppp0 IP: 10.10.1.10
Should I set ms-wins?
When I set ms-wins 192.168.201.7
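
Added example (not part of the original thread and not Poptop project code): a dry-run generator for rules that send the PPTP clients' plain-HTTP traffic to the LAN proxy, scoped to the 10.10.1.0/24 tunnel subnet and the eth0 interface named in the thread. The proxy address and port are placeholders, the function names are hypothetical, and the proxy is assumed to accept intercepted (transparent) connections.

```shell
#!/bin/sh
# Added example: prints iptables commands (dry run); it changes nothing itself.

is_ipv4() {   # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_cidr() {   # ADDRESS/LENGTH with LENGTH 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

is_port() {   # 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# proxy_redirect_rules VPN_NET PROXY_IP PROXY_PORT [LAN_IF]
proxy_redirect_rules() {
    vpn_net=$1 proxy_ip=$2 proxy_port=$3 lan_if=${4:-eth0}
    # Refuse to emit rules built from malformed arguments.
    is_cidr "$vpn_net" && is_ipv4 "$proxy_ip" && is_port "$proxy_port" || {
        echo "usage: proxy_redirect_rules NET/LEN PROXY_IP PROXY_PORT [IF]" >&2
        return 1
    }
    # "ppp+" matches ppp0, ppp1, ... so every tunnel is covered, not only ppp0.
    # 1: rewrite port-80 traffic from tunnel clients to the proxy
    # 2: allow only that rewritten traffic to start new forwarded flows
    # 3: allow replies
    # 4: masquerade tunnel addresses only, so the proxy answers via this host
    cat <<EOF
iptables -t nat -A PREROUTING -i ppp+ -s $vpn_net -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port
iptables -A FORWARD -i ppp+ -o $lan_if -s $vpn_net -d $proxy_ip -p tcp --dport $proxy_port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $lan_if -s $vpn_net -j MASQUERADE
EOF
}

# 10.10.1.0/24 and eth0 come from the thread; 192.0.2.10:3128 is a placeholder
# for the LAN proxy, whose address the thread does not give.
proxy_redirect_rules 10.10.1.0/24 192.0.2.10 3128
```

Review the printed rules before piping them to `sh` as root. Only plain HTTP on port 80 is redirected; HTTPS and other protocols still need the proxy configured on the client.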

