-   Linux - Networking (
-   -   IPTABLES: Allow PPTP Server to access the Internet (

xyzxyzxyz 01-24-2010 08:05 AM

IPTABLES: Allow PPTP Server to access the Internet

I'm running an own PPTP Server, but I can't get it to access the internet.

All my PCs at home run in the net,
the PPTP Server has local IP192.168.0.5 and remote IP

The router to the internet is at, and the IP of eth0 on the machine where the pptpd runs is

I want to be able to connect to the internet trough that VPN and access my local LAN servers (which works fine so far). I can ping internet and local IPs successfully, but can not access them with a browser, or connect to them in any other way.

I have 'accepted' all in/output and forwards.

I am running a Squid proxy on the same machine, and if I do:

iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -s -p tcp --dport 80 --to-port 3128
... I can access the internet through Squid, but of course Jabber/ICQ etc. won't work then because it just refers port 80.

But I want the PPTP Clients to connect to the internet directly, if I don't use that rule it's not possible to load any pages. But pinging works all the time. DNS is also working fine, but I can't even access webpages via IP directly.

So how can I allow the PPTP IPs to get direct access to the Internet with Iptables?

Thanks in advance!

nimnull22 01-24-2010 01:31 PM

You need to allow "forward" from ppp0 to the outgoing interface and "forward" from the same interface to ppp0.

xyzxyzxyz 01-24-2010 06:20 PM

I've allowed all input, output and forward traffic, should have mentoined that.

But what do you mean with '"forward" from the same interface to ppp0.' ?


nimnull22 01-24-2010 06:27 PM

Has to be a rules, like:
FORWARD -i eth0 -o ppp0 -j ACCEPT
FORWARD -i ppp0 -o eth0 -j ACCEPT

All times are GMT -5. The time now is 09:48 AM.