Deags Posted September 25, 2009

Okay, aside from my major routing / iptables issue of not allowing me to send some traffic over one WAN and other traffic over the other WAN (look for my other posts in this forum section), I have a PPTP server set up on the box. At present people can connect and get internet. They cannot access the local network though. Here are my rules so far.

eth0 is LAN
eth1 is internet
eth2 is ADSL modem
eth3 is waiting for VPN connections
ppp0 is ADSL

```
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 60.241.215.178
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 18900:18960 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 18900:18960 -j ACCEPT
iptables -A INPUT -i eth3 -p tcp --dport 47 -j ACCEPT
iptables -A INPUT -i eth3 -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -i eth0 -j ACCEPT
iptables -I INPUT -i eth2 -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -p icmp -i ppp0 -j ACCEPT
iptables -I INPUT -p icmp -i eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -I FORWARD -i eth0 -d 192.168.1.0/255.255.255.0 -j DROP
iptables -A FORWARD -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i ppp0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.1.0/255.255.255.0 -j ACCEPT
```

enjoy
ansichild Posted September 25, 2009

You also need the corresponding routes that would enable the network traffic to go to the right places, I would assume. Let's see the output of your `route -n`.
Deags (Author) Posted September 26, 2009

```
root@1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
216.218.224.42  10.20.20.229    255.255.255.255 UGH   0      0        0 ppp0
192.168.1.10    0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
10.20.20.229    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
124.191.176.0   0.0.0.0         255.255.240.0   U     0      0        0 eth1
0.0.0.0         10.20.20.229    0.0.0.0         UG    0      0        0 ppp0
```

It used to work before I attempted to secure the box a bit.
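Added example, not from the thread: a small first-match walk over the FORWARD chain from the first post, using the route table above to pick the interfaces. It shows how the chain treats a PPTP client's packet to the LAN and the LAN host's reply. The LAN host address 192.168.1.50 and the candidate fix rule are assumptions; `-m state` is not modelled.

```python
import ipaddress

# FORWARD chain from the first post in the order the kernel walks it:
# "-I" placed the eth0 DROP at the head, the "-A" rules follow in append
# order. TCPMSS is a non-terminating target, so it does not affect verdicts.
FORWARD_CHAIN = [
    {"in": "eth0", "dst": "192.168.1.0/24", "target": "DROP"},
    {"src": "192.168.1.0/24", "target": "ACCEPT"},
    {"in": "ppp0", "dst": "192.168.1.0/24", "target": "ACCEPT"},
    {"in": "eth1", "dst": "192.168.1.0/24", "target": "ACCEPT"},
]
POLICY = "DROP"  # iptables -P FORWARD DROP

def matches(rule, pkt):
    """Interface and address matches only; -m state is not modelled here."""
    for key in ("in", "out"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key]):
            return False
    return True

def verdict(chain, pkt, policy=POLICY):
    """First matching terminating rule wins; otherwise the chain policy applies."""
    for index, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule["target"], index
    return policy, None

# Constructed packets. The PPTP client is 192.168.1.10 on ppp1 (route table in the
# third post); the LAN host 192.168.1.50 is an assumed address. Output interfaces
# follow that route table: 192.168.1.10 -> ppp1, 192.168.1.0/24 -> eth0.
CLIENT_TO_LAN = {"in": "ppp1", "out": "eth0", "src": "192.168.1.10", "dst": "192.168.1.50"}
LAN_TO_CLIENT = {"in": "eth0", "out": "ppp1", "src": "192.168.1.50", "dst": "192.168.1.10"}

# Assumed fix (not from the thread): let LAN replies reach the VPN interface ahead of
# the hairpin DROP, i.e. "iptables -I FORWARD -i eth0 -o ppp1 -j ACCEPT" run last.
FIXED_CHAIN = [{"in": "eth0", "out": "ppp1", "target": "ACCEPT"}] + FORWARD_CHAIN

def trace(chain):
    """Verdict (target, rule index) for the client's request and the LAN host's reply."""
    return {"request": verdict(chain, CLIENT_TO_LAN), "reply": verdict(chain, LAN_TO_CLIENT)}

if __name__ == "__main__":
    for name, chain in (("posted", FORWARD_CHAIN), ("fixed", FIXED_CHAIN)):
        print(name, trace(chain))
```

With the posted chain the request is accepted by the `-s 192.168.1.0/24` rule but the reply from eth0 to 192.168.1.10 hits the leading eth0 DROP; the chain also accepts any packet arriving on eth1 or ppp0 for the LAN without a state match.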