From: Bruce S. <bw...@ar...> - 2004-02-28 18:05:04
> > People will still have to edit this file to put in the proper addresses,
> > but having these lines would reduce the directions required, and would
> > not affect people who do not use pptp.
> >
> > /etc/init.d/firewall.rules (using the default 2 card setup)
> >
> > per Friedrich Lobenstock's email message, I added the following lines:
> >
> > ${MODPROBE} ip_conntrack_proto_gre
> > ${MODPROBE} ip_conntrack_pptp
> > ${MODPROBE} ip_nat_pptp
> > ${MODPROBE} ip_nat_proto_gre
> >
> > and then I added the rules:
> >
> > ${IPTABLES} -A INPUT -p 47 -j ACCEPT
> > ${IPTABLES} -A OUTPUT -p 47 -j ACCEPT
> > ${IPTABLES} -A INPUT -p tcp --dport 1723 -i ${OUT_DEV} -j ACCEPT
> > ${IPTABLES} -A INPUT -s 128.1.1.0/24 -d 128.1.1.0/24 -j ACCEPT
> > ${IPTABLES} -A FORWARD -s 128.1.1.0/24 -d 128.1.1.0/24 -j ACCEPT
>
> Changes to the firewall scripts are the decision of Bruce, he's the
> master of it.

I'm sorry, I haven't really been paying attention to this thread, since I've never used PPTP. Can you bring me up to speed on what you're suggesting we change in the firewall script, and the purpose?

TIA!

- BS