LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 04-18-2013, 06:14 PM   #31
!! hack-back !!
Member
 
Registered: Nov 2009
Posts: 143

Original Poster
Rep: Reputation: 2

i didnt understand ,
now i have vpn account and when i connect it take this ip 10.10.10.1
ok if i connect from more than vpn acount 2-3-4-5
so it will all take the ip 10.10.10.1 this will be conflict
 
Old 04-18-2013, 06:16 PM   #32
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
Quote:
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1-200
??
No.
I will explain what this rule means.
In short this rule means:

All TCP packets that are destined to ip 184.173.180.202, to port 82, route to (translate, change destination address) 10.10.10.1

So, when somebody tries to open 184.173.180.202:82, he gets routed (DNAT) to 10.10.10.1

That's the what the DNAT is commonly used for, to enable access to the local servers that has a private ip address.
 
Old 04-18-2013, 06:19 PM   #33
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
Quote:
so it will all take the ip 10.10.10.1 this will be conflict
True. You can set the range for remote ip (check the guide in pptpd.conf)
 
Old 04-18-2013, 06:24 PM   #34
!! hack-back !!
Member
 
Registered: Nov 2009
Posts: 143

Original Poster
Rep: Reputation: 2
localip 10.10.10.1
remoteip 10.10.10.2-245
so that the users will get ip between 2 and 245
 
Old 04-18-2013, 06:32 PM   #35
!! hack-back !!
Member
 
Registered: Nov 2009
Posts: 143

Original Poster
Rep: Reputation: 2
but how i can open port for ips between 2 and 245
 
Old 04-18-2013, 06:35 PM   #36
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
uhm.. No

better put like this:

localip 10.10.10.254
remoteip 10.10.10.1-10.10.10.253


If you want that a specific pptp user(let's say user: hack-back) always get the same remoteip (10.10.10.1 in your case, because you want to run the some kind of server software at your pptp remoteip), you can achieve this by editing the

/etc/ppp/chap-secrets

# client server secret IP addresses

Bob * pass123 *
hack-back * pass123 10.10.10.1


So, in this case study, user "Bob" will get random ip from specified remoteip range, while user "hack-back" will always get the same remoteip - 10.10.10.1

Also, while editing the file above please note that you must press the TAB key between client,server,secret,IP addresses fields.
 
Old 04-18-2013, 06:39 PM   #37
!! hack-back !!
Member
 
Registered: Nov 2009
Posts: 143

Original Poster
Rep: Reputation: 2
ok good thanks and whats about the iptables

-A PREROUTING -d 184.173.180.202/32 -p tcp -m tcp --dport 1177 -j DNAT --to-destination 10.10.10.1


will be just for 10.10.10.1 or all vpn users ??
 
Old 04-18-2013, 06:45 PM   #38
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
No, you should add one iptables DNAT rule per each user that is going to run some software that should be reachable from Internet.

The static remoteip applies to all those users who are going to run some software that listens at some port.

For other users that will not be running anything like I said, you should not add the DNAT rules.
 
Old 04-18-2013, 06:52 PM   #39
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
...yeah be aware that you should not add the DNAT rules using same --dport for different --to-destination

e.g. adding the following two rules will be a mistake:

iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.1
iptables -t nat -A PREROUTING -d 184.173.180.202 -p tcp --dport 82 -j DNAT --to 10.10.10.2
 
Old 04-18-2013, 06:53 PM   #40
!! hack-back !!
Member
 
Registered: Nov 2009
Posts: 143

Original Poster
Rep: Reputation: 2
ok thank you man thats big for today,
thank you again bro
 
Old 04-18-2013, 06:54 PM   #41
warez74
LQ Newbie
 
Registered: Apr 2013
Posts: 27

Rep: Reputation: 0
You are welcome, bye
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PPTPD Server cheesewizz Linux - Newbie 1 11-23-2012 03:19 AM
PPTPD server on Linux andyflower Linux - Networking 4 10-07-2011 05:30 AM
PPTPD Server on Ubuntu newFreeBSD Linux - Server 1 05-17-2011 06:35 AM
issues with VPN pptpd server onorua Linux - Networking 1 08-25-2006 03:45 PM
pptpd server and pptp client on the same box - is this possible? acpi Linux - Networking 0 11-30-2005 09:09 AM


All times are GMT -5. The time now is 02:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration