Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Two VPN Interacting?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Luddetiger
n00b
n00b


Joined: 11 Nov 2005
Posts: 25
PostPosted: Wed Dec 05, 2007 11:20 am    Post subject: Two VPN Interacting? Reply with quote
I have a setup that looks like this:

(The graphics did not work....hope you can understand anyway)
Server1 (192.168.1.10) Server2(192.168.1.20)

connected to through lan:

Office Linux Server (192.168.1.15)
OpenVPN Client (10.10.1.2)

which is connected to a proxy server: |

OpenVPN Server (10.10.1.1)
Proxy Server Linux (212.x.x.x)
PPTPVPN Server (10.10.10.1)

which has connection through internet via pptp:

PPTPVPN Client (10.10.10.10)
Laptop1 (some ip)

PPTPVPN Client (10.10.10.16)
Laptop2 (some ip)


And what is working:
On my proxy server I have added a route 192.168.1.0 to 10.10.1.2 and this is working. If I ping on my proxy 192.168.1.10 it works. I have added an iptables rule on the Office Linux server to fix so that the servers is accessible.

But when the laptop connects through the PPTP VPN to the server they can't access 192.168.1.0. They can access 10.10.1.2 but not futher. I have added route 192.168.1.0 to 10.10.10.1 on the client computer and route 10.10.1.0 to 10.10.10.1 as well.

If I do a tracert on the clients to 192.168.1.10 it takes forever and is timed out. I can't see any problems in my firewall.

Dose anyone know what to do? Is there a rule I need to add to the server or is it something else?

Here is my iptables-save (I'm using arnos firewall):
# Generated by iptables-save v1.3.6 on Wed Nov 28 21:10:01 2007
*nat
:PREROUTING ACCEPT [9741:1110358]
:POSTROUTING ACCEPT [251:15409]
:OUTPUT ACCEPT [179:10300]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.10.10.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.20
-A PREROUTING -i eth0 -p udp -m udp --dport 25 -j DNAT --to-destination 10.10.10.10
-A PREROUTING -i eth0 -p udp -m udp --dport 3389 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -s 10.10.10.0/255.255.255.0 -d ! 10.10.10.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.1.0/255.255.255.0 -d ! 10.10.1.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Nov 28 21:10:01 2007
# Generated by iptables-save v1.3.6 on Wed Nov 28 21:10:01 2007
*mangle
:PREROUTING ACCEPT [38230:6457919]
:INPUT ACCEPT [29577:5487305]
:FORWARD ACCEPT [1090:93396]
:OUTPUT ACCEPT [26899:4079712]
:POSTROUTING ACCEPT [27988:4173060]
-A PREROUTING -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 23 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 25 -j TOS --set-tos 0x10
-A PREROUTING -p udp -m udp --dport 53 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 67 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 110 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 113 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 123 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 143 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 443 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 993 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 995 -j TOS --set-tos 0x08
-A PREROUTING -p tcp -m tcp --dport 1080 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 6000:6063 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 23 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 25 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 67 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 110 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 113 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 123 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 143 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 993 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 995 -j TOS --set-tos 0x08
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1080 -j TOS --set-tos 0x10
-A OUTPUT -o eth0 -p tcp -m tcp --dport 6000:6063 -j TOS --set-tos 0x08
COMMIT
# Completed on Wed Nov 28 21:10:01 2007
# Generated by iptables-save v1.3.6 on Wed Nov 28 21:10:01 2007
*filter
:INPUT DROP [1:40]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [292:22126]
:EXT_ICMP_CHAIN - [0:0]
:EXT_INPUT_CHAIN - [0:0]
:EXT_OUTPUT_CHAIN - [0:0]
:HOST_BLOCK - [0:0]
:LAN_INET_FORWARD_CHAIN - [0:0]
:LAN_INPUT_CHAIN - [0:0]
:MAC_FILTER - [0:0]
:RESERVED_NET_CHK - [0:0]
:SPOOF_CHK - [0:0]
:VALID_CHK - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j HOST_BLOCK
-A INPUT -i ppp+ -j MAC_FILTER
-A INPUT -i tap+ -j MAC_FILTER
-A INPUT -j SPOOF_CHK
-A INPUT -i eth0 -j VALID_CHK
-A INPUT -i eth0 -p ! icmp -m state --state NEW -j EXT_INPUT_CHAIN
-A INPUT -i eth0 -p icmp -m state --state NEW -m limit --limit 20/sec --limit-burst 100 -j EXT_INPUT_CHAIN
-A INPUT -i eth0 -p icmp -m state --state NEW -j EXT_ICMP_CHAIN
-A INPUT -i ppp+ -j LAN_INPUT_CHAIN
-A INPUT -i tap+ -j LAN_INPUT_CHAIN
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "Dropped INPUT packet: " --log-level 6
-A INPUT -j DROP
-A FORWARD -i lo -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT
-A FORWARD -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT
-A FORWARD -p icmp -m state --state RELATED -j ACCEPT
-A FORWARD -i eth0 -j HOST_BLOCK
-A FORWARD -i ppp+ -j MAC_FILTER
-A FORWARD -i tap+ -j MAC_FILTER
-A FORWARD -j SPOOF_CHK
-A FORWARD -i eth0 -j VALID_CHK
-A FORWARD -i ppp+ -o tap+ -j ACCEPT
-A FORWARD -i tap+ -o ppp+ -j ACCEPT
-A FORWARD -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j LAN_INET_FORWARD_CHAIN
-A FORWARD -i tap+ -o tap+ -j ACCEPT
-A FORWARD -i tap+ -o eth0 -j LAN_INET_FORWARD_CHAIN
-A FORWARD -i eth0 -o ! eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i eth0 -o ! eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -o ! eth0 -p udp -m udp --dport 25 -j ACCEPT
-A FORWARD -i eth0 -o ! eth0 -p udp -m udp --dport 3389 -j ACCEPT
-A FORWARD -m limit --limit 1/min --limit-burst 3 -j LOG --log-prefix "Dropped FORWARD packet: " --log-level 6
-A FORWARD -j DROP
-A OUTPUT -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -f -m limit --limit 3/min -j LOG --log-prefix "FRAGMENTED PACKET (OUT): " --log-level 6
-A OUTPUT -f -j DROP
-A OUTPUT -o eth0 -j EXT_OUTPUT_CHAIN
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-request(ping) flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 3 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-unreachable flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 4 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-source-quench flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 11 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-time-exceeded flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 12 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-param.-problem flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 3 -j DROP
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 4 -j DROP
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 11 -j DROP
-A EXT_ICMP_CHAIN -p icmp -m icmp --icmp-type 12 -j DROP
-A EXT_ICMP_CHAIN -p icmp -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP(other) flood: " --log-level 6
-A EXT_ICMP_CHAIN -p icmp -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "TCP port 0 OS fingerprint: " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "UDP port 0 OS fingerprint: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -j DROP
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "TCP source port 0: " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "UDP source port 0: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -j DROP
-A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 22 -j ACCEPT
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 53 -j ACCEPT
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 47 -j ACCEPT
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 1723 -j ACCEPT
-A EXT_INPUT_CHAIN -p udp -m udp --dport 53 -j ACCEPT
-A EXT_INPUT_CHAIN -p udp -m udp --dport 47 -j ACCEPT
-A EXT_INPUT_CHAIN -p udp -m udp --dport 1723 -j ACCEPT
-A EXT_INPUT_CHAIN -p udp -m udp --dport 2746 -j ACCEPT
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 3 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-unreachable: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 4 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-source-quench: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 11 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-time-exceeded: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 12 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-param.-problem: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 1024:65535 ! --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth scan (UNPRIV)?: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0:1023 ! --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth scan (PRIV)?: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (PRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (PRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 1024:65535 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (UNPRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 1024:65535 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (UNPRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -j DROP
-A EXT_INPUT_CHAIN -p udp -j DROP
-A EXT_INPUT_CHAIN -p icmp -j DROP
-A EXT_INPUT_CHAIN -m limit --limit 1/min -j LOG --log-prefix "Other-IP connection attempt: " --log-level 6
-A EXT_INPUT_CHAIN -j DROP
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A LAN_INET_FORWARD_CHAIN -j ACCEPT
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A LAN_INPUT_CHAIN -j ACCEPT
-A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class A address: " --log-level 6
-A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class B address: " --log-level 6
-A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class C address: " --log-level 6
-A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class M$ address: " --log-level 6
-A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -j DROP
-A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -j DROP
-A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -j DROP
-A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -j DROP
-A SPOOF_CHK -s 10.10.10.0/255.255.255.0 -i ppp+ -j RETURN
-A SPOOF_CHK -s 10.10.10.0/255.255.255.0 -i tap+ -j RETURN
-A SPOOF_CHK -s 10.10.10.0/255.255.255.0 -m limit --limit 3/min -j LOG --log-prefix "Spoofed packet: " --log-level 6
-A SPOOF_CHK -s 10.10.10.0/255.255.255.0 -j DROP
-A SPOOF_CHK -s 10.10.1.0/255.255.255.0 -i ppp+ -j RETURN
-A SPOOF_CHK -s 10.10.1.0/255.255.255.0 -i tap+ -j RETURN
-A SPOOF_CHK -s 10.10.1.0/255.255.255.0 -m limit --limit 3/min -j LOG --log-prefix "Spoofed packet: " --log-level 6
-A SPOOF_CHK -s 10.10.1.0/255.255.255.0 -j DROP
-A SPOOF_CHK -j RETURN
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-PSH scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-ALL scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 3/min -j LOG --log-prefix "Stealth FIN scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/RST scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/FIN scan(?): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min -j LOG --log-prefix "Stealth Null scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-option 64 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Bad TCP flag(64): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-option 128 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Bad TCP flag(128): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-option 64 -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-option 128 -j DROP
-A VALID_CHK -m state --state INVALID -j DROP
-A VALID_CHK -f -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Fragmented packet: "
-A VALID_CHK -f -j DROP
COMMIT
# Completed on Wed Nov 28 21:10:01 2007


If there is something you now that would work I can stop the firewall and just add custom rules to see that it works but then I need the rules for forwarding packedges between ppp and tap . There is no need to be able to surf through the connection. Just need to access computers on the network.

Hope somebody can help me.

Also my routingtable:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.10.10 * 255.255.255.255 UH 0 0 0 ppp0
localnet * 255.255.255.128 U 0 0 0 eth0
192.168.1.0 10.10.1.2 255.255.255.0 UG 0 0 0 tap0
10.10.1.0 * 255.255.255.0 U 0 0 0 tap0
default 212.x.x.x 0.0.0.0 UG 0 0 0 eth0
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy