pptpd and iptables on FC4
Man-wai CHANG
mwchang
Wed Jan 11 06:51:53 PST 2006
The Linux pptpd sets up pppd with localip 10.0.0.1 and remoteip
10.0.0.10-100. eth0 is the connection to the internet.
After the VPN connection was up in WinXP, the default gateway was
changed to 10.0.0.10. How should I modify my iptables config file such
that WinXP could still browse internet after the VPN connection changed
the default gateway?
Here is /etc/sysconfig/iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
-A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG -m limit --limit 1/m --log-tcp-options
--log-ip-options --log-prefix '[DROP]:'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
--
.~. http://changmw.homeip.net
/ v \ Linux 2.6.15
/( _ )\ (Ubuntu 5.10) 19:42:01 up 3:10 0 users
^ ^ 0.03 0.00
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
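The posted file sends FORWARD through the same RH-Firewall-1-INPUT chain that protects the host itself, so a VPN client's forwarded packets are judged by the host's input policy. The added Python model below (not code from the post, pptpd or Fedora) walks constructed packets through an excerpt of those filter rules; it assumes the client's traffic enters on ppp0 and leaves on eth0, and the FIXED_RULES line is a hypothetical extra FORWARD rule, not something the post contains.

```python
# Constructed excerpt of the FORWARD path in the posted /etc/sysconfig/iptables (filter
# table only; the nat MASQUERADE rule and net.ipv4.ip_forward are not modelled here).
POSTED_RULES = """
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j LOG -m limit --limit 1/m --log-prefix '[DROP]:'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Hypothetical fix: accept VPN-client traffic (ppp0, ppp1, ...) out via eth0 before the host policy runs.
FIXED_RULES = "-A FORWARD -i ppp+ -o eth0 -j ACCEPT\n" + POSTED_RULES
OPTS = {"-i": "iif", "-o": "oif", "-p": "proto", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse(text):  # {chain: [rule, ...]} from iptables-save style '-A' lines
    chains = {}
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["-A"]:
            continue
        rule = {OPTS[tok[i]]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i] in OPTS}
        chains.setdefault(tok[1], []).append(rule)
    return chains

def iface_ok(pattern, name):  # a trailing '+' is iptables' interface prefix wildcard
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name

def matches(rule, pkt):
    return (("iif" not in rule or iface_ok(rule["iif"], pkt["iif"]))
            and ("oif" not in rule or iface_ok(rule["oif"], pkt["oif"]))
            and ("proto" not in rule or rule["proto"] == pkt["proto"])
            and ("dport" not in rule or int(rule["dport"]) == pkt["dport"])
            and ("state" not in rule or pkt["state"] in rule["state"].split(",")))

def walk(chains, chain, pkt):  # terminating verdict, or None if pkt falls off the end
    for rule in chains.get(chain, []):
        if not matches(rule, pkt) or rule["target"] == "LOG":  # LOG never terminates
            continue
        if rule["target"] in chains:  # user-defined chain; reaching its end acts as RETURN
            verdict = walk(chains, rule["target"], pkt)
            if verdict is not None:
                return verdict
        else:
            return None if rule["target"] == "RETURN" else rule["target"]
    return None

def forward_verdict(rules_text, pkt):
    return walk(parse(rules_text), "FORWARD", pkt) or "ACCEPT"  # ':FORWARD ACCEPT' policy

# Constructed packets: a DNS lookup and a web request from the client, and a reply to it.
DNS_QUERY = {"iif": "ppp0", "oif": "eth0", "proto": "udp", "dport": 53, "state": "NEW"}
WEB_REQUEST = {"iif": "ppp0", "oif": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}
REPLY = {"iif": "eth0", "oif": "ppp0", "proto": "udp", "dport": 1025, "state": "ESTABLISHED"}
```

With the posted rules the client's tcp/80 request is forwarded but its udp/53 lookup is rejected with icmp-host-prohibited, so names never resolve even though the MASQUERADE rule is correct; the extra FORWARD rule lets all client traffic out, and a tighter deployment would list the ports it needs and still requires net.ipv4.ip_forward=1.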