2008/9/30 Danail Petrov <[EMAIL PROTECTED]>

> As far as I understand, the problem is that once you connect and get
> ip address 192.168.0.100 (in this case) and then try to reach
> 192.168.0.3, for example, it doesn't work. Well, there is no way it
> could work :) This is Ethernet..... I won't go into details, I'll just
> tell you what may solve your problem: proxy arp. Try enabling it on the
> interface facing your internal network (in your case eth1 on the pptp
> router). I think this command should do it:
>
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>
> Then again, I may not have understood your question correctly, because
> from the results you have shown it is not very clear what exactly does
> _NOT_ work ...
>
Isn't the proxyarp parameter in the pptpd config sufficient for this purpose?

>
> [EMAIL PROTECTED] wrote:
>
> A problem with pptpd: with the configuration described below, after I
> connect to the VPN (from a Windows machine, and I have chosen the VPN
> to be my default gateway) I have Internet access and I can ping
> 192.168.0.1, and that is all, i.e. at the moment the VPN works like a
> proxy :). If I try to connect via the internal IP to the host on which
> the VPN server is running, the result is a time out. See the lines
> below.
>
> system - Debian GNU/Linux 4.0 \n \l
> pptpd version - pptpd_1.3.0-2etch2_i386.deb
>
> installed: apt-get install pptpd
> config:
>
> [EMAIL PROTECTED]:~# egrep -v '#' /etc/pptpd.conf
> option /etc/ppp/pptpd-options
> logwtmp
> localip 192.168.0.1
> remoteip 192.168.0.100-200
>
> [EMAIL PROTECTED]:~# egrep -v '#' /etc/ppp/pptpd-options
> name pptpd
> refuse-pap
> refuse-chap
> refuse-mschap
> require-mschap-v2
> require-mppe-128
> ms-dns 192.168.0.1
> ms-dns 77.70.5.1
> proxyarp
> nodefaultroute
> lock
> nobsdcomp
> [EMAIL PROTECTED]:~#
>
> [EMAIL PROTECTED]:~# egrep -v '#' /etc/init.d/firewall
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> iptables -F INPUT
> iptables -F FORWARD
> iptables -F OUTPUT
> iptables -F -t nat
>
> iptables -A INPUT -p icmp -j ACCEPT
> iptables -A OUTPUT -p icmp -j ACCEPT
>
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
> iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
>
> iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 77.70.5.130
>
> iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
> iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
>
> iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1723 --syn -j ACCEPT
> iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
> iptables -A FORWARD -i eth0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> modprobe ip_gre
> modprobe ip_nat_pptp
> modprobe ip_conntrack_pptp
> iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
> iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
>
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
> echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
>
>
> Linux:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:192.168.0.1  P-t-P:192.168.0.100  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
>           RX packets:31 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>           RX bytes:4083 (3.9 KiB)  TX bytes:160 (160.0 b)
>
> [EMAIL PROTECTED]:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.100   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 77.70.5.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         77.70.5.1       0.0.0.0         UG    0      0        0 eth0
> [EMAIL PROTECTED]:~#
>
> Windows:
>
> PPP adapter d3v1ous.info VPN Server:
>
>    Connection-specific DNS Suffix . :
>    Description . . . . . . . . . . . : d3v1ous.info VPN Server
>    Physical Address. . . . . . . . . :
>    DHCP Enabled. . . . . . . . . . . : No
>    Autoconfiguration Enabled . . . . : Yes
>    IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
>    Subnet Mask . . . . . . . . . . . : 255.255.255.255
>    Default Gateway . . . . . . . . . : 0.0.0.0
>    DNS Servers . . . . . . . . . . . : 192.168.0.1
>                                        77.70.5.1
>    NetBIOS over Tcpip. . . . . . . . : Enabled
>
> C:\>ping abv.bg
>
> Pinging abv.bg [194.153.145.104] with 32 bytes of data:
>
> Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
> Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
> Reply from 194.153.145.104: bytes=32 time=3ms TTL=59
> Reply from 194.153.145.104: bytes=32 time=4ms TTL=59
>
> Ping statistics for 194.153.145.104:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 3ms, Maximum = 4ms, Average = 3ms
>
> C:\>ping d3v1ous.info
>
> Pinging d3v1ous.info [77.70.5.130] with 32 bytes of data:
>
> Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
> Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
> Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
> Reply from 77.70.5.130: bytes=32 time=2ms TTL=59
>
> Ping statistics for 77.70.5.130:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 2ms, Maximum = 2ms, Average = 2ms
>
> C:\>ping 192.168.0.1
>
> Pinging 192.168.0.1 with 32 bytes of data:
>
> Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
> Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
> Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
> Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
>
> Ping statistics for 192.168.0.1:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 3ms, Maximum = 3ms, Average = 3ms
>
>
> C:\>ftp d3v1ous.info
> Connected to d3v1ous.info.
> 220 77.70.5.130 FTP server ready
> User (d3v1ous.info:(none)): ^C
> C:\>
> C:\>ftp 192.168.0.1
> Connected to 192.168.0.1.
> Connection closed by remote host.
>
> C:\>
>
> Linux:
> [EMAIL PROTECTED]:~# netstat -ntap | grep 21
> tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      4957/inetd
>
>
> --
> Danail Petrov
> Senior Network Administrator
> Evolink, Sofia
> +359(2)9691650
> www.evolink.com
> icq uin 989677
>
_______________________________________________
Lug-bg mailing list
Lug-bg@linux-bulgaria.org
http://linux-bulgaria.org/mailman/listinfo/lug-bg
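
Added example, not part of the thread: a shell check for the question debated above, namely whether the pptpd client pool overlaps the LAN subnet and, if it does, which mechanism (pppd's `proxyarp` option or the LAN interface's `proxy_arp` sysctl) answers ARP on behalf of the VPN clients. The function names and the sample files are assumptions made for this example, and the `remoteip` parser handles only the `a.b.c.d-e` and single-address forms.

```shell
#!/bin/sh
# Added example (not from the thread): does a pptpd client pool need proxy ARP?

ip_to_int() {                       # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_subnet() {                       # $1 address, $2 network in CIDR form
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

pool_bounds() {                     # prints "first last" from pptpd.conf ($1)
    value=$(awk '$1 == "remoteip" { print $2; exit }' "$1")
    [ -n "$value" ] || return 1
    first=${value%-*}
    case $value in
        *-*) last="${first%.*}.${value#*-}" ;;   # a.b.c.d-e form, as on this page
        *)   last=$first ;;
    esac
    echo "$first $last"
}

has_option() {                      # uncommented option $2 in pppd options file $1
    awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }' "$1"
}

# $1 pptpd.conf, $2 pppd options file, $3 LAN subnet, $4 value of the LAN
# interface's proxy_arp sysctl (cat /proc/sys/net/ipv4/conf/eth1/proxy_arp)
check_pptp_arp() {
    conf=$1; opts=$2; lan=$3; sysctl_val=$4
    bounds=$(pool_bounds "$conf") || { echo no-pool; return 1; }
    first=${bounds% *}; last=${bounds#* }
    if ! in_subnet "$first" "$lan" && ! in_subnet "$last" "$lan"; then
        echo not-needed             # pool is off-LAN: plain routing reaches clients
    elif has_option "$opts" proxyarp; then
        echo pppd-proxyarp          # pppd publishes one ARP entry per connected peer
    elif [ "$sysctl_val" = 1 ]; then
        echo sysctl-proxy-arp       # kernel answers ARP on the whole interface
    else
        echo missing                # LAN hosts get no ARP reply for VPN clients
    fi
}

# Constructed sample input, copied from the configuration quoted in the thread.
demo=$(mktemp -d)
printf 'localip 192.168.0.1\nremoteip 192.168.0.100-200\n' > "$demo/pptpd.conf"
printf 'name pptpd\nproxyarp\nnodefaultroute\n' > "$demo/pptpd-options"
check_pptp_arp "$demo/pptpd.conf" "$demo/pptpd-options" 192.168.0.0/24 0
```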