LinuxQuestions.org

pptpd server (https://www.linuxquestions.org/questions/linux-networking-3/pptpd-server-4175458505/)

!! hack-back !! 04-18-2013 06:14 PM

I didn't understand.
Now I have a VPN account and when I connect it takes this IP: 10.10.10.1.
OK, if I connect from more than one VPN account (2-3-4-5),
they will all take the IP 10.10.10.1, so this will be a conflict.

warez74 04-18-2013 06:16 PM

Quote:

iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1-200
??
No.
I will explain what this rule means.
In short this rule means:

All TCP packets that are destined to IP 184.173.180.202, port 82, are routed to (translated, destination address changed to) 10.10.10.1

So, when somebody tries to open 184.173.180.202:82, he gets routed (DNAT) to 10.10.10.1

That's what DNAT is commonly used for: to enable access to local servers that have a private IP address.

warez74 04-18-2013 06:19 PM

Quote:

so it will all take the ip 10.10.10.1 this will be conflict
True. You can set the range for remote ip (check the guide in pptpd.conf)

!! hack-back !! 04-18-2013 06:24 PM

localip 10.10.10.1
remoteip 10.10.10.2-245
so that the users will get an IP between 2 and 245

!! hack-back !! 04-18-2013 06:32 PM

But how can I open a port for IPs between 2 and 245?

warez74 04-18-2013 06:35 PM

Uhm... No :)

Better put it like this:

localip 10.10.10.254
remoteip 10.10.10.1-10.10.10.253


If you want a specific pptp user (let's say user: hack-back) to always get the same remoteip (10.10.10.1 in your case, because you want to run some kind of server software at your pptp remoteip), you can achieve this by editing

/etc/ppp/chap-secrets

# client server secret IP addresses

Bob * pass123 *
hack-back * pass123 10.10.10.1


So, in this case study, user "Bob" will get a random IP from the specified remoteip range, while user "hack-back" will always get the same remoteip: 10.10.10.1

Also, while editing the file above, please note that you must press the TAB key between the client, server, secret and IP addresses fields.

!! hack-back !! 04-18-2013 06:39 PM

OK, good, thanks. And what about the iptables rule:

-A PREROUTING -d 184.173.180.202/32 -p tcp -m tcp --dport 1177 -j DNAT --to-destination 10.10.10.1


Will it be just for 10.10.10.1 or for all VPN users?

warez74 04-18-2013 06:45 PM

No, you should add one iptables DNAT rule for each user who is going to run some software that should be reachable from the Internet.

The static remoteip applies to all those users who are going to run some software that listens on some port.

For other users who will not be running anything like that, as I said, you should not add DNAT rules.

warez74 04-18-2013 06:52 PM

...yeah, be aware that you should not add DNAT rules using the same --dport for different --to-destination

e.g. adding the following two rules would be a mistake:

iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.2
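
An added example (not written by either poster in this thread): a small Python check that reads chap-secrets and a list of DNAT rules and flags the two problems discussed above. It reports a later rule that reuses the same destination and --dport with a different target (iptables stops at the first matching DNAT rule, so the later one never applies) and a DNAT target that is not pinned to a user in chap-secrets. The function names and the sample data are constructed for illustration.

```python
import shlex

# Constructed sample input modelled on the files quoted in the thread.
CHAP_SECRETS = "# client\tserver\tsecret\tIP addresses\nBob\t*\tpass123\t*\nhack-back\t*\tpass123\t10.10.10.1\n"
RULES = """\
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.2
iptables -t nat -A PREROUTING -d 184.173.180.202/32 -p tcp -m tcp --dport 1177 -j DNAT --to-destination 10.10.10.1
"""

def static_ips(chap_secrets):
    """Return {ip: client} for clients pinned to one address in chap-secrets."""
    pinned = {}
    for line in chap_secrets.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not line.lstrip().startswith("#") and fields[3] != "*":
            pinned[fields[3]] = fields[0]
    return pinned

def parse_dnat(rule):
    """Extract (dest, proto, dport, target) from one DNAT rule line, else None."""
    tok = shlex.split(rule)
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    if opt.get("-j") != "DNAT":
        return None
    dest = opt.get("-d", "")
    dest = dest[:-3] if dest.endswith("/32") else dest  # /32 is the same single host
    return dest, opt.get("-p"), opt.get("--dport"), opt.get("--to-destination") or opt.get("--to")

def audit(rules, chap_secrets):
    """Return (kind, line_no, detail) findings for the DNAT rules given."""
    pinned, seen, findings = static_ips(chap_secrets), {}, []
    for n, line in enumerate(rules.splitlines(), 1):
        parsed = parse_dnat(line)
        if parsed is None:
            continue
        key, target = parsed[:3], parsed[3]
        if key in seen and seen[key] != target:
            # First match wins in PREROUTING, so this rule is never reached.
            findings.append(("shadowed", n, f"{key[0]}:{key[2]} already goes to {seen[key]}"))
        seen.setdefault(key, target)
        if target not in pinned:
            # The forwarded port would reach whichever client is given this address.
            findings.append(("unpinned", n, f"{target} is not fixed to a user in chap-secrets"))
    return findings

if __name__ == "__main__":
    for kind, line_no, detail in audit(RULES, CHAP_SECRETS):
        print(f"rule {line_no}: {kind}: {detail}")
```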

!! hack-back !! 04-18-2013 06:53 PM

OK, thank you man, that's big for today.
Thank you again, bro.

warez74 04-18-2013 06:54 PM

You are welcome, bye


All times are GMT -5.