LinuxQuestions.org
Old 08-11-2012, 12:34 PM   #1
Rothbardian_Tech
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora / CentOS
Posts: 16

Rep: Reputation: 0
I can't SSH to my machine after setting up PPTP VPN


Hi all. I've been using ssh access to my Fedora 12 box for years without a hitch. Now I have decided to set up a lightweight VPN using PPTP for use with the iPhone's VPN client on 3G. This has worked flawlessly, but now I can't access the Fedora machine via ssh anymore. All worked fine until I executed this script with iptables rules for the VPN to work. So now I have a functional VPN, but SSH is broken. Any clues? This is the script I used:


iptables_set.sh:

#!/bin/bash
/sbin/iptables -F                                                        # flushes every rule in the filter table, including any existing SSH allow rule
/sbin/iptables -P INPUT DROP                                             # default-deny inbound: only what is accepted below gets through
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE               # NAT VPN clients behind eth0's address
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT                      # VPN clients out to the internet
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT                      # and back in to the VPN clients
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT            # PPTP control channel
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT                         # PPTP data (GRE)
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to connections the box started
/sbin/service iptables save                                              # persist the rules across reboots (no rule for the SSH port was added)
/sbin/iptables -L -v

My setup: Fedora 12 Machine with single (eth0) NIC > IPTables > Telsey CPVA500 Router with NAT > Internet
 
Old 08-11-2012, 01:00 PM   #2
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
There are no iptables rules to allow ssh, so add one. If 'this' is the Fedora 12 box you want to ssh to, then the rule would be something like this:
Code:
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
If you want the rule to allow only a specific network, then change it accordingly.
 
Old 08-11-2012, 01:39 PM   #3
Rothbardian_Tech
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora / CentOS
Posts: 16

Original Poster
Rep: Reputation: 0
Command line rules

I have the SSH server set up on port 6886, NAT on the router and port 6886 open in Fedora's firewall GUI.
Before executing that script, I was able to connect to both SSH and VPN but wasn't getting internet through the VPN. Should I use the command line above instead of Fedora's firewall GUI? I want to make sure it won't break internet access on my VPN.
 
Old 08-11-2012, 03:47 PM   #4
Rothbardian_Tech
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora / CentOS
Posts: 16

Original Poster
Rep: Reputation: 0
Solved

Solved. I didn't notice the script above flushed all my iptables rules (stupid on my part).
Tomorrow I will be in front of the server, in order to correct the mess locally.
 
Old 08-12-2012, 02:29 AM   #5
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 321

Rep: Reputation: 81
Also, it may be a good idea to try to use SNAT instead of MASQUERADE, which is reported as potentially insecure.
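A rebuilt version of the OP's script that keeps the SSH rule post #2 asks for (on the port 6886 from post #3) and takes the SNAT suggestion above when the WAN address is static. This is an added example, not code from the thread: it assumes eth0 and ppp+ as in the OP's script, the ADMIN_NET and WAN_IP values are constructed placeholders, and it only prints the rules unless APPLY=1 is set.

```shell
#!/bin/bash
# Added example (not the thread's script): rebuild the PPTP firewall without
# losing SSH. Assumed: WAN eth0 and ppp+ as in the OP's script, SSH on 6886
# (post #3). ADMIN_NET and WAN_IP are optional, constructed placeholders.
WAN_IF="${WAN_IF:-eth0}"
PPP_IF="${PPP_IF:-ppp+}"
SSH_PORT="${SSH_PORT:-6886}"
ADMIN_NET="${ADMIN_NET:-}"   # e.g. 192.0.2.0/24; empty = SSH allowed from anywhere
WAN_IP="${WAN_IP:-}"         # set when eth0 is static: SNAT instead of MASQUERADE
IPT="${IPT:-/sbin/iptables}"

# Emit the rule set, one iptables argument list per line.
build_rules() {
  local wan=$1 ppp=$2 port=$3 admin=$4 wanip=$5 src=""
  if [ -n "$admin" ]; then src="-s $admin "; fi
  echo "-F"                       # flush filter table (this is what dropped the OP's SSH rule)
  echo "-t nat -F"
  echo "-P INPUT DROP"
  echo "-P FORWARD DROP"          # only the explicit VPN forwarding below is allowed
  echo "-P OUTPUT ACCEPT"
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # SSH goes right after the defaults, so nothing later can leave us locked out
  echo "-A INPUT -i $wan ${src}-p tcp --dport $port -m state --state NEW -j ACCEPT"
  echo "-A INPUT -i $wan -p tcp --dport 1723 -j ACCEPT"   # PPTP control channel
  echo "-A INPUT -i $wan -p gre -j ACCEPT"                # PPTP data (GRE)
  echo "-A INPUT -p icmp -j ACCEPT"
  echo "-A FORWARD -i $ppp -o $wan -j ACCEPT"             # VPN clients out to the internet
  echo "-A FORWARD -i $wan -o $ppp -m state --state ESTABLISHED,RELATED -j ACCEPT"
  if [ -n "$wanip" ]; then
    echo "-t nat -A POSTROUTING -o $wan -j SNAT --to-source $wanip"
  else
    echo "-t nat -A POSTROUTING -o $wan -j MASQUERADE"
  fi
}

# Run every generated rule; stop at the first failure instead of continuing half-applied.
apply_rules() {
  build_rules "$@" | while IFS= read -r rule; do
    # shellcheck disable=SC2086  (splitting $rule into arguments is intended)
    "$IPT" $rule || { echo "failed: $IPT $rule" >&2; exit 1; }
  done
}

if [ "${APPLY:-0}" = 1 ]; then   # print only, unless APPLY=1 is set
  apply_rules "$WAN_IF" "$PPP_IF" "$SSH_PORT" "$ADMIN_NET" "$WAN_IP" && "$IPT" -L -v -n
else
  build_rules "$WAN_IF" "$PPP_IF" "$SSH_PORT" "$ADMIN_NET" "$WAN_IP"
fi
```

Unlike the OP's script, inbound forwarding from eth0 to the ppp+ clients is limited to established connections, since the VPN clients only need to originate traffic; run `/sbin/service iptables save` afterwards if the rules should survive a reboot.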
 
Old 08-12-2012, 11:24 AM   #6
Rothbardian_Tech
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora / CentOS
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks for the tip. All is working fine now: I'm posting this from my iPhone connected to vpn and ssh at the same time. Only one thing: Fedora 12 firewall gui sucks, I'm using iptables from command line from now on.
 
Old 08-12-2012, 12:23 PM   #7
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Quote:
Originally Posted by Rothbardian_Tech View Post
Thanks for the tip. All is working fine now: I'm posting this from my iPhone connected to vpn and ssh at the same time. Only one thing: Fedora 12 firewall gui sucks, I'm using iptables from command line from now on.
I would like to say: don't use too old a Fedora version. The reason is that the current version of Fedora is Fedora 17. You will get packages for Fedora 15 and Fedora 16 only from the Fedora repositories, not older than that. So when you are trying to install any new package on your Fedora 12 machine using #yum install kb3, it won't work. You have to update your whole machine on the spot.

If you don't want to update so quickly then use CentOS (it is Redhat/Fedora with CentOS logos).
 