Forum Replies Created
Thanks for your thinkwork. Now it works to have internet while PPTP is connected from within the LAN. I clicked to add a new forward rule and added in the iptables parameter section the following: -i ppp10. Then I just clicked confirm (and save) and got the following rule:
9 * * ACCEPT all opt — in ppp10 out * 0.0.0.0/0 -> 0.0.0.0/0
Now it works.
To allow access from the WAN I have added on the input chain TCP port 1723 and the GRE protocol on ETH01. Tomorrow I can test if that works, I hope.
Thanks for your nice and versatile router/firewall software!
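The rules this thread converges on (TCP/1723 and GRE on INPUT for the WAN side, tunnelled traffic matched on the ppp interface in FORWARD), pulled into one reviewable script as an added example; this is not code from the thread or from Zeroshell, and the interface names ETH00/ETH01 and the ppp+ wildcard are assumptions:

```shell
#!/bin/sh
# Added example, not from the forum thread or from Zeroshell.
# Assumed layout: ETH00 = LAN, ETH01 = WAN, PPTP clients land on ppp* interfaces,
# INPUT and FORWARD default policy DROP. Default action is "print" so the rules
# can be reviewed before "apply" runs them (apply needs root).

LAN_IF="${LAN_IF:-ETH00}"
WAN_IF="${WAN_IF:-ETH01}"
# ppp+ matches ppp0, ppp10, ...; the unit number a client gets is not stable,
# so a rule pinned to ppp10 silently stops matching on the next connection.
PPP_IF="${PPP_IF:-ppp+}"

pptp_rules() {
    # INPUT: the PPTP control channel (TCP/1723) and GRE (IP protocol 47) from the
    # WAN must reach the box itself; nothing else is opened.
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -p 47 -j ACCEPT"
    # FORWARD: a connected client's traffic arrives on ppp*, not on the LAN
    # interface, so an "allow everything from ETH00" rule never sees it.
    # Allow ppp* -> WAN (internet) and ppp* -> LAN (internal servers) only,
    # and let the replies back in through connection tracking.
    echo "iptables -A FORWARD -i $PPP_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $PPP_IF -o $LAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Number of rules emitted; a quick sanity check that nothing was skipped.
pptp_rule_count() {
    pptp_rules | wc -l | tr -d ' '
}

case "${1:-print}" in
    print) pptp_rules ;;
    apply) pptp_rules | while IFS= read -r cmd; do sh -c "$cmd"; done ;;
    *) echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Run without arguments to see the rules; compare them against what the web interface generated before applying.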
Yes, that is possible. I've worked with OpenVPN before. The only thing is that with PPTP I can connect from any Windows machine without carrying my USB stick with the OpenVPN client or the certificates.
OpenVPN works great with Zeroshell.
I think I know now why it does not work as I want.
After establishing a PPTP connection, client traffic may not be recognised as coming from ETH00, but from ppp10 (I saw this connection appear with the ifconfig command). The ppp10 adapter does not show in the web interface. So maybe it will work if I write the iptables command line for allowing all traffic from ppp10, just like in my "allow all traffic from ETH00" line.
Or do you think that I should look to change the adapter PPTP binds to, vpn99?
Correct me if this line is wrong, please.
iptables -A FORWARD -i ppp10 -j ACCEPT
I wanted to connect from the LAN. 1st: for testing purposes; the connection works and I don't see why it does not work with forward on drop.
2nd: I want to build my LAN so that other people cannot listen in on my PC. Having a tunnel directly to my gateway does that, I think.
I also want to be able to connect from the WAN. 1st: to access my server and documents.
2nd: to route my internet traffic through my home connection when I am at a public wireless internet place, like a railway station.
3rd: I sometimes work with sensitive data that is stored on my LAN, and I don't want that to leave my LAN. With a VPN I can access that data from anywhere.
Thanks for your help so far.
Could you post the firewall rules and in what chain to put them, as I am absolutely not familiar with iptables? If you want, you can post them as text (iptables, sport, dport, etc.).
Below I post a drawing of my network setup.
Thanks for your answer. I thought somewhat the same as what you describe. But still the problem: you tell me that if I connect from the LAN side, my chains are configured correctly if I remove the rules described by you.
If I connect my VPN from the LAN, I have no internet connection anymore when the forward chain is in drop mode. When I put it to accept, I have working internet again during my PPTP session.
So my question is how to accomplish that one, with the forward chain in drop mode.
Below I will post the screenshots of what I tried. I tried this on beta 12, since RADIUS did not work on beta 13 (see my bug post).
My output chain is on accept all the time, since I see no need to secure it (am I right?).
I test this from my LAN to the Zeroshell box, so the connection starts via eth00. I would like it to work both when I'm on the same LAN and also when at someone else's house, so at a different public IP.
Forward chain in accepting mode, internet through PPTP works:
Forward chain to drop. TCP 1723 and GRE destination. No internet:
Forward chain to drop. TCP 1723 and GRE source and the one above this one. Still no internet:
Input chain TCP 1723 and GRE destination, combined with the above picture. No internet:
Do I also need to make a virtual server in the router page?
I have roughly the same situation as TS.
I try to make a PPTP connection.
eth00 LAN 192.168.8.0/24
eth01 DHCP internet
I have edited the pptpd.conf with a local IP in my eth00 range.
I have to use the Zeroshell box as a firewall and a router, since it's my outside connection.
I have the input, output and forward chains so that everything from the LAN can go everywhere and everything from the internet is blocked except for related and established.
The default policy for input and forward is block.
Now my problem is: (test) connecting from my LAN works OK, but no internet or other network resources. When I put the forward chain to accept as default, then everything works.
Can someone tell me what (how) I have to make accept rules for in the forward chain?
I tried GRE and TCP port 1723, but I can't get it to work.
Does anyone know what I should do?
I think that you did well. Your gateway (Zeroshell) will usually be given the 192.168.0.1 IP instead of 192.168.0.75 on the LAN side; that is just a common agreement to make things easy.
On the cable modem subject: my cable internet provider (UPC) requires me to register my MAC address with them; after that they know it's me and give me the full speed on the line. Maybe yours does too. I don't know if Zeroshell can spoof a MAC address; if not, just call your ISP and ask them if they require it and, if so, give them the new MAC address. If that is the case, there is usually a line in the manual of the cable modem that says go to this or that website and enter your details. DHCP is how my gateway gets an address from my cable modem.
Good luck!
July 10, 2010 at 1:57 am in reply to: Beta13 BUG: Can’t give "Radius Permission" to user #50649
I have the same problem. I posted it in the bug section, but no response so far.
Does no one know a workaround, except for installing beta 12?