|
pptpd server
hello minds,
i installed pptpd server on centos and i can connect to it from my windows laptop the reason i made vpn server because i want to work on port is closed in my internet the server is on softlayer so is there any configuration to open the port on the pptpd server ??? thanks |
Hello, can you explain a little bit better your configuration and what you actually want?
Which port is closed where? You said you were able to connect from your laptop, so what's the problem then? Regards |
http://www.canyouseeme.org/
and i check the port i want to use it said Error: I could not see your service on x.x.x.x on port (80) Reason: Connection timed out but if i use free vpn i see it is opened so what i should do more ? thank you |
it is iptables issue
|
So you want to open some ports? Which one?
I suggest you read the following thread: http://www.linuxquestions.org/questi...es-4175457932/ |
i make this rule but didnt work ,
i want to use port 81 through this vpn any idea please?? thank you |
this is my iptables rules
PHP Code:
|
I still do not understand what you want to do, but anyway try allowing the port 81 on INPUT chain for all interfaces:
iptables -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT |
simply,
i want to use program work on port 81 and 3460 in my internet these ports is closed so i tested on vpnpop.com it is solve now i dont want to use free vpn and i have my own but my own is closed to clear now ?? thank you bro |
i used : iptables -A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
and the same http://www.canyouseeme.org/ give me Error: I could not see your service on x.x.x.x on port (81) Reason: Connection refused |
need help !!
|
Quote:
Does that program should be listening at port 81/3460? BTW, you must explain the situation better if you want to get any help. |
it is running on my pc
Does that program should be listening at port 81/3460? yes no thing else :( |
Ok, the things are much more clear now.
What you need is the so-called destination NAT iptables rule. Before I provide you with that, please paste here the part of /etc/pptpd.conf where the localip and remoteip are specified. |
localip x.173.180.202
remoteip x.4.252.69 |
at first i do what is in this guide
http://freehostinganswers.com/blog/h...at-and-ubuntu/ |
Add the following iptable rules:
iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --dport 81 -j DNAT --to x.4.252.69 iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --dport 3460 -j DNAT --to x.4.252.69 where x.x.x.x is IP address of your public server. (dont forget to change the "x" with proper number in the x.4.252.69) |
now i cant access my server from my ip iam waiting softlayer to answer me why lol :(
|
?
One thing... the localip and the remoteip (pptpd.conf) should be IP addresses from private range e.g.: localip 10.10.10.2 remoteip 10.10.10.1 Does that goes for your case? |
btw, I hope you did not set the public ip of your PC as a remoteip.
|
my laptop ip is x.4.252.69
my server ip is x.173.180.202 |
Quote:
hahaha i did that sorry i didnt understand this step very well :doh: |
Oh, no :(
You made a common mistake in pptpd.conf find the place in pptpd.conf where the localip/remoteip are specified and edit it to be like this: localip 10.10.10.2 remoteip 10.10.10.1 Then when you get access to your server again, add the following iptables rules: iptables -t nat -A PREROUTING -d x.173.180.202 -p tcp --dport 81 -j DNAT --to 10.10.10.1 iptables -t nat -A PREROUTING -d x.173.180.202 -p tcp --dport 3460 -j DNAT --to 10.10.10.1 |
ok i edited thanks
i can access it through free vpn but i cant access from my ip i dont know why but i put ticket for softlayer.com waiting them to finish so that i can test with these rules |
how i can disconnect ppp0
??? vpn account connected to the server |
i solved the problem /etc/init.d/pptpd restart-kill
that because i put my ip in remote ip lol the softlayer still searching for the problem :P |
you are my super man :D
i love you man :D :hattip: thanks alot |
if i make more than 1 vpn account
all of them will take 10.10.10.1 so that i can put remoteip 10.10.10.1-200 right ? |
and in iptables
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1-200 ?? |
No, wait.
You can remove the last added iptables rules. First enter this: iptables -t nat -L --line-numbers you should get something like this: Chain PREROUTING (policy ACCEPT) num target prot opt source destination 1 DNAT tcp -- anywhere landings.nyc.trafficz.com tcp dpt:81 to:10.10.10.1 Notify "1" under below the "num" field. You should use that rule number (in your case it can be different) to delete the previous added rules: Then enter: iptables -t nat -D PREROUTING 1 where "1" is the number that you found for "destination" x.173.180.202 |
i didnt understand ,
now i have vpn account and when i connect it take this ip 10.10.10.1 ok if i connect from more than vpn acount 2-3-4-5 so it will all take the ip 10.10.10.1 this will be conflict |
Quote:
I will explain what this rule means. In short this rule means: All TCP packets that are destined to ip 184.173.180.202, to port 82, route to (translate, change destination address) 10.10.10.1 So, when somebody tries to open 184.173.180.202:82, he gets routed (DNAT) to 10.10.10.1 That's the what the DNAT is commonly used for, to enable access to the local servers that has a private ip address. |
Quote:
|
localip 10.10.10.1
remoteip 10.10.10.2-245 so that the users will get ip between 2 and 245 |
but how i can open port for ips between 2 and 245
|
uhm.. No :)
better put like this: localip 10.10.10.254 remoteip 10.10.10.1-10.10.10.253 If you want that a specific pptp user(let's say user: hack-back) always get the same remoteip (10.10.10.1 in your case, because you want to run the some kind of server software at your pptp remoteip), you can achieve this by editing the /etc/ppp/chap-secrets # client server secret IP addresses Bob * pass123 * hack-back * pass123 10.10.10.1 So, in this case study, user "Bob" will get random ip from specified remoteip range, while user "hack-back" will always get the same remoteip - 10.10.10.1 Also, while editing the file above please note that you must press the TAB key between client,server,secret,IP addresses fields. |
ok good thanks and whats about the iptables
-A PREROUTING -d 184.173.180.202/32 -p tcp -m tcp --dport 1177 -j DNAT --to-destination 10.10.10.1 will be just for 10.10.10.1 or all vpn users ?? |
No, you should add one iptables DNAT rule per each user that is going to run some software that should be reachable from Internet.
The static remoteip applies to all those users who are going to run some software that listens at some port. For other users that will not be running anything like I said, you should not add the DNAT rules. |
...yeah be aware that you should not add the DNAT rules using same --dport for different --to-destination
e.g. adding the following two rules will be a mistake: iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1 iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.2 |
ok thank you man thats big for today,
thank you again bro |
You are welcome, bye
|
| All times are GMT -5. The time now is 09:55 AM. |