LinuxQuestions.org
Old 07-17-2012, 06:03 AM   #1
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Rep: Reputation: 15
PPTP VPN Ping Problem


I have installed PPTP on a SUSE 11.3 machine and can connect to it from a WinXP client, but I can't get any further!

The server is on a public ip address ip forwarded to an internal address.

I can ping by IP address and NetBIOS name the VPN server and the router, but I cannot ping any other machines on the network. Port 1723/GRE is open on the VPN server.

I'm not sure what I should have for "localip" in pptpd.conf

I have tried:
192.168.1.1 (router)
192.168.1.12 (vpn server)
xxx.xxx.xxx.xxx (vpn server public address)
192.168.1.12,192.168.1.14 (vpn and fixed ip machine)

but still I can't ping that machine at 192.168.1.14, though I can ping it locally.

Name resolution is by LMHosts at present, but I would like to set up browsing once the basics are running.

Any help gratefully (desperately!) received.
 
Old 07-17-2012, 09:58 AM   #2
Lexus45
Member
 
Registered: Jan 2010
Distribution: Debian, Centos, Ubuntu, Slackware
Posts: 361
Blog Entries: 3

Rep: Reputation: 48
What about accepting traffic in the FORWARD, on the pptp-interface, of your iptables? Doesn't it block the traffic?

If you want to access other pptp-clients, you should allow it in iptables, and there is a specific option in the pptp-server, if I'm not mistaken.
If you want to access some other network behind the pptp-server through the pptp-tunnel, you also have to play with the routing table.
 
Old 07-18-2012, 03:36 AM   #3
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 51
Please post the output of these two commands so that we can assist you further:
Code:
cat /proc/sys/net/ipv4/ip_forward
iptables-save
 
Old 07-18-2012, 02:06 PM   #4
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by SuperJediWombat! View Post
Please post the output of these two commands so that we can assist you further:
Code:
cat /proc/sys/net/ipv4/ip_forward
iptables-save
I assume you mean the VPN server, not the unreachable machine at .14.


BTW, I don't seem to be able to map a drive manually either, although there are several shares on Echo1.

Code:
Echo1:~ # cat /proc/sys/net/ipv4/ip_forward
1
Code:
Echo1:~ # iptables-save
# Generated by iptables-save v1.4.8 on Wed Jul 18 19:55:31 2012
*raw
:PREROUTING ACCEPT [447:78325]
:OUTPUT ACCEPT [327:33503]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j NOTRACK
COMMIT
# Completed on Wed Jul 18 19:55:31 2012
# Generated by iptables-save v1.4.8 on Wed Jul 18 19:55:31 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forward_ext - [0:0]
:input_ext - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -i ppp0 -j input_ext
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -j forward_ext
-A FORWARD -i ppp0 -j forward_ext
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p udp -m udp --sport 137 -m state --state RELATED -j ACCEPT
-A input_ext -p gre -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1723 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 139 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 139 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 445 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 445 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p udp -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m udp --dport 138 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 2049 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 2049 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 2049 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 2049 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 60116 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 60116 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 35657 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 35657 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 111 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 111 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 111 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 111 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 52512 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 52512 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 55994 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 55994 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 52512 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 52512 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 55994 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 55994 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 58020 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 58020 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 53517 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 53517 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 58020 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 58020 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 53517 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 53517 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Wed Jul 18 19:55:31 2012
Thanks for your help.
 
Old 07-22-2012, 07:00 PM   #5
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by PedFleming View Post
Commands are ok, but version of vpn australia is too old to pick the service pack. Update it from the site and restart it and make setup again.
Sorry Ped, I don't understand this. AFAIK I'm not running vpn australia but pptpd from the opensuse repository.
 
Old 07-24-2012, 12:41 AM   #6
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 51
It looks as though your firewall is dropping all of the traffic from your VPN client; you should find some of the drops logged in /var/log/messages.

Is this a production machine? Is it OK to change the firewall temporarily for testing? If so, try this:
Code:
iptables -I FORWARD -s 192.168.1.14 -j ACCEPT
iptables -I FORWARD -d 192.168.1.14 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -I INPUT -s 192.168.1.14 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Once you have added those rules, try the connections again.

If you still have issues, post the results of these commands:
- From the VPN client
Code:
iptables-save
ifconfig
ip route
ping 192.168.1.14 -c4
ping 8.8.8.8 -c4
- From the VPN server
Code:
iptables-save
ifconfig
ip route
ping 192.168.1.12 -c4
ping 8.8.8.8 -c4
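
Added example (not part of any post in this thread, and not the posters' code): a small Python evaluator that walks the FORWARD path of the ruleset posted in #4 to show why a ping from the VPN client is dropped while the echo reply coming back would be allowed. It models only the matches used in that excerpt; the `-I` line handling, the packet dictionaries and all function names are assumptions of this sketch.

```python
import ipaddress
import shlex

# Constructed excerpt: FORWARD-path rules taken from the iptables-save output
# posted in the thread, trimmed to what a forwarded ping can reach.
RULESET = """\
:FORWARD DROP [0:0]
:forward_ext - [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -j forward_ext
-A FORWARD -i ppp0 -j forward_ext
-A FORWARD -j DROP
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT "
-A forward_ext -j DROP
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return (policies, chains). '-I' lines model 'iptables -I' (insert at head)."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif tok and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(tok[2:])
        elif tok and tok[0] == "-I":
            chains.setdefault(tok[1], []).insert(0, tok[2:])
    return policies, chains

CHECKS = {
    "-i": lambda v, p: v == p["in"],
    "-p": lambda v, p: v == p["proto"],
    "-s": lambda v, p: ipaddress.ip_address(p["src"]) in ipaddress.ip_network(v, strict=False),
    "-d": lambda v, p: ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(v, strict=False),
    "--state": lambda v, p: p["state"] in v.split(","),
    "--icmp-type": lambda v, p: int(v.split("/")[0]) == p["icmp_type"],
    "--pkt-type": lambda v, p: v == p["pkttype"],
}

def matches(rule, pkt):
    """Return (matched, target). Negation ('!') is not modelled; options not in
    CHECKS (-m, --limit, --tcp-flags) are treated as always matching."""
    i = 0
    while i < len(rule):
        opt = rule[i]
        if opt == "-j":
            return True, rule[i + 1]
        if opt in CHECKS and not CHECKS[opt](rule[i + 1], pkt):
            return False, None
        i += 3 if opt == "--tcp-flags" else 2
    return True, None

def traverse(chains, chain, pkt, trail):
    """Walk one chain; return a terminal verdict, or None to resume in the caller.
    Non-terminating targets such as LOG and TCPMSS fall through to the next rule."""
    for rule in chains[chain]:
        matched, target = matches(rule, pkt)
        if not matched:
            continue
        if target in TERMINAL:
            trail.append((chain, " ".join(rule)))
            return target
        if target in chains:  # jump into a user-defined chain
            result = traverse(chains, target, pkt, trail)
            if result:
                return result
    return None

def verdict(ruleset, pkt, chain="FORWARD"):
    """Return (final verdict, [(chain, deciding rule)]); empty trail means chain policy."""
    policies, chains = parse(ruleset)
    trail = []
    return traverse(chains, chain, pkt, trail) or policies[chain], trail

# Client address 192.168.1.112 is the ppp0 peer shown in the thread's ifconfig output.
PING = {"in": "ppp0", "proto": "icmp", "icmp_type": 8, "state": "NEW",
        "src": "192.168.1.112", "dst": "192.168.1.14", "pkttype": "unicast"}
REPLY = dict(PING, **{"in": "eth0", "icmp_type": 0, "state": "ESTABLISHED",
                      "src": "192.168.1.14", "dst": "192.168.1.112"})
WITH_FIX = RULESET + "-I FORWARD -d 192.168.1.14 -j ACCEPT\n"
```

`verdict(RULESET, PING)` ends at the final `-j DROP` of forward_ext because that chain accepts only RELATED/ESTABLISHED ICMP, while `verdict(WITH_FIX, PING)` is decided by the inserted FORWARD rule.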
 
Old 07-25-2012, 03:47 AM   #7
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by SuperJediWombat! View Post
It looks as though your firewall is dropping all of the traffic from your VPN client; you should find some of the drops logged in /var/log/messages.

Is this a production machine? Is it OK to change the firewall temporarily for testing? If so, try this:
No, it's not a production machine - yet. It was an old machine which I chose to build the VPN server on.

Unfortunately the gremlins are temporarily winning. I was hoping to get this working before the vacation. I am now sitting on the beach worrying about this and powerless to act, and only have a dialup connection at 36K!

I'll post a reply to you in about 3 weeks' time, if that is OK. Thanks for your help.
 
Old 08-15-2012, 05:45 AM   #8
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by SuperJediWombat! View Post
It looks as though your firewall is dropping all of the traffic from your VPN client; you should find some of the drops logged in /var/log/messages.

Is this a production machine? Is it OK to change the firewall temporarily for testing? If so, try this:
Code:
iptables -I FORWARD -s 192.168.1.14 -j ACCEPT
iptables -I FORWARD -d 192.168.1.14 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -I INPUT -s 192.168.1.14 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Once you have added those rules, try the connections again.

If you still have issues, post the results of these commands:
- From the VPN client
Code:
iptables-save
ifconfig
ip route
ping 192.168.1.14 -c4
ping 8.8.8.8 -c4
- From the VPN server
Code:
iptables-save
ifconfig
ip route
ping 192.168.1.12 -c4
ping 8.8.8.8 -c4
OK back in the saddle.

I have added all the iptables entries you suggested, but the situation is no different.

The client is a Windows box, so I can't run the Linux commands.

The server results have been produced using PuTTY; I hope this is what you meant.

Here are the results from the server:

Code:
Echo1:/etc # iptables-save
# Generated by iptables-save v1.4.8 on Wed Aug 15 11:27:20 2012
*raw
:PREROUTING ACCEPT [22:1488]
:OUTPUT ACCEPT [13:1078]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j NOTRACK
COMMIT
# Completed on Wed Aug 15 11:27:20 2012
# Generated by iptables-save v1.4.8 on Wed Aug 15 11:27:20 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forward_ext - [0:0]
:input_ext - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -j forward_ext
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p udp -m udp --sport 137 -m state --state RELATED -j ACCEPT
-A input_ext -p gre -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1723 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 139 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 139 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 445 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 445 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p udp -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m udp --dport 138 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 2049 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 2049 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 2049 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 2049 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 59845 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 59845 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 60210 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 60210 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 111 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 111 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 111 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 111 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 53638 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 53638 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 32879 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 32879 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 53638 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 53638 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 32879 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 32879 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 49075 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 49075 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 52584 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 52584 -j ACCEPT
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -m udp --dport 49075 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 49075 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m state --state NEW -m tcp --dport 52584 -j LOG --log-prefix "SFW2-INext-ACC-RPC " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 52584 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Wed Aug 15 11:27:20 2012
Code:
Echo1:/etc # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:48:54:51:C9:CB
          inet addr:192.168.1.12  Bcast:192.168.1.127  Mask:255.255.255.128
          inet6 addr: fe80::248:54ff:fe51:c9cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62217 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62576 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30099034 (28.7 Mb)  TX bytes:10752615 (10.2 Mb)
          Interrupt:11 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:515 errors:0 dropped:0 overruns:0 frame:0
          TX packets:515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:56336 (55.0 Kb)  TX bytes:56336 (55.0 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.1  P-t-P:192.168.1.112  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:3938 (3.8 Kb)  TX bytes:108 (108.0 b)
Code:
Echo1:/etc # ip route
192.168.1.0/25 dev eth0  proto kernel  scope link  src 192.168.1.12
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.1.1 dev eth0
Code:
Echo1:/etc # ping 192.168.1.14 -c4
PING 192.168.1.14 (192.168.1.14) 56(84) bytes of data.
64 bytes from 192.168.1.14: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 192.168.1.14: icmp_seq=2 ttl=64 time=0.534 ms
64 bytes from 192.168.1.14: icmp_seq=3 ttl=64 time=0.533 ms
64 bytes from 192.168.1.14: icmp_seq=4 ttl=64 time=0.534 ms

--- 192.168.1.14 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.533/0.559/0.637/0.050 ms
Code:
Echo1:/etc # ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=38.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=38.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=37.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=38.2 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 37.832/38.435/38.871/0.480 ms
The Client Pings are:

Code:
C:\Documents and Settings\Rick>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time=84ms TTL=64
Reply from 192.168.1.12: bytes=32 time=163ms TTL=64
Reply from 192.168.1.12: bytes=32 time=124ms TTL=64
Reply from 192.168.1.12: bytes=32 time=129ms TTL=64

Ping statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 163ms, Average = 125ms
With "Use remote gateway enabled"...
Code:
C:\Documents and Settings\Rick>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Using local gateway...

Code:
C:\Documents and Settings\Rick>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:

Reply from 8.8.8.8: bytes=32 time=56ms TTL=52
Reply from 8.8.8.8: bytes=32 time=58ms TTL=52
Reply from 8.8.8.8: bytes=32 time=57ms TTL=52
Reply from 8.8.8.8: bytes=32 time=56ms TTL=52

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% l
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 58ms, Average = 56ms
 
Old 10-02-2012, 04:16 AM   #9
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
BTW, I gave up with this installation and upgraded to SUSE 12.1. That was not easy in itself, but I have finally got it working. When I can get a round toit I'll post a Wiki, but the guts of how to do it are on the openSUSE networking forum. I have one final issue: how to set up the hosts and lmhosts files on my laptop, which is the subject of a new post.

Thanks for the help.
 
  

