Basically, I would like to be able to use 'use default gateway on remote network' on windows boxes. When I reset iptables to accept all, traffic appears to go through quite happily but I just can't nail the right commands to get it working with the iptables script turned on.
On the server the pptp is the same subnet/mask as the internal network.
server = 10.0.1.254
mask = 255.255.255.0
vpn server address = 10.0.1.90
vpn client range = 10.0.1.80-89
This is an example of my iptables script:
Code: Select all
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -p gre -s 10.0.1.0/24 -d 10.0.1.0/24 -j ACCEPT
** this is probably self defeating **
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Thanks
PS I forgot to mention that iptables floats over my head, so please be gentle and make is as boring and simple for me thanku
Edit: I think I sorted it :/ either that or complete fluke.
Code: Select all
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -m state --state NEW -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -m state --state NEW -p gre -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT