Poptop, linux, windows XP

qwertyjjj · 01-06-2010, 03:41 AM

I setup Poptop as per these instructions:
http://www.cayugalake.net/index.php?...inux-PPTP.html

The service started correctly.
However, when I tried connecting from Windows it would not connect.
DO I have to port forward anything in iptables?

TiMich · 01-06-2010, 05:35 AM

If the client could not connect to the server, i guess it is not a port forwarding issue. Maybe you'll need to deal with it later, after you succeed to connect to pptp server.
Are you sure you enabled in iptables input and output rules for GRE protocol and tcp 1723 port? Something like this:

Code:

iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE --dport 1723 -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE -p 47 -s $ANYWHERE -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $EXTERNAL_IP -d $ANYWHERE --sport 1723 -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p 47 -s $EXTERNAL_IP -d $ANYWHERE -j ACCEPT

Also looking in logs can help you to identify the problem.

qwertyjjj · 01-06-2010, 05:46 AM

Quote:

Originally Posted by TiMich

If the client could not connect to the server, i guess it is not a port forwarding issue. Maybe you'll need to deal with it later, after you succeed to connect to pptp server.
Are you sure you enabled in iptables input and output rules for GRE protocol and tcp 1723 port? Something like this:

Code:

iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE --dport 1723 -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE -p 47 -s $ANYWHERE -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $EXTERNAL_IP -d $ANYWHERE --sport 1723 -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p 47 -s $EXTERNAL_IP -d $ANYWHERE -j ACCEPT

Also looking in logs can help you to identify the problem.

Is the external interface the same ip address as the external ip?

This is my current iptables:

Quote:

*filter
:INPUT DROP [10:568]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:260]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --set --name SSH -$
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m recent --update --seconds$
-A INPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 1057 -m state --state NEW -j ACCEPT
-A INPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
-A INPUT -d xx.xxx.xxx.199 -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -d xx.xxx.xxx.198 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -d xx.xxx.xxx.198 -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
-A INPUT -d xx.xxx.xxx.198 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -d xx.xxx.xxx.198 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
-A INPUT -d xx.xxx.xxx.198 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLI$
-A OUTPUT -s xx.xxx.xxx.198 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHE$
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

COMMIT

TiMich · 01-06-2010, 05:59 AM

external_interface is the network interface connected to WAN (like eth0 or eth1, etc). But it seems to be ok with your iptables configs. Do you see any activity of the pptp server in /var/log/messages?