cannot connect via pptpd + routing


Post by qwertyjjj »

I have set up pptpd but cannot connect from the client.
Any ideas what could be wrong?

This is my current routing:

[root ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
172.16.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.2      255.255.255.0   UG    0      0        0 tun0
88.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         88.xxx.xxx.1    0.0.0.0         UG    0      0        0 eth0
[root ~]#

I want to add a 3rd network for use with a PPTP VPN: 10.8.1.0/24.

Also, I have this routing in iptables, so how do I get the pptp port to be redirected?

-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 88.xxx.xxx.xx9
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

add port 1723
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 88.xxx.xxx.xx9:1723
-A POSTROUTING -s 10.8.1.0/255.255.255.0 -o eth0 -j MASQUERADE

Here is my iptables:

# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*mangle
:PREROUTING ACCEPT [1490053707:1036617946585]
:INPUT ACCEPT [625694708:365286746462]
:FORWARD ACCEPT [859720908:670949790610]
:OUTPUT ACCEPT [760469091:982961370679]
:POSTROUTING ACCEPT [1620189999:1653911161289]
COMMIT
# Completed on Sun Nov 25 22:45:46 2012
# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [390:204397]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1935 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5001 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5001 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -i tap+ -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Nov 25 22:45:46 2012
# Generated by iptables-save v1.4.7 on Sun Nov 25 22:45:46 2012
*nat
:PREROUTING ACCEPT [11980035:900517415]
:POSTROUTING ACCEPT [2124769:132314589]
:OUTPUT ACCEPT [2124633:132309469]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Nov 25 22:45:46 2012


I get this in the log, and the Windows connection just times out:

Nov 25 00:00:12 jason rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="5395" x-info="web"] rsyslogd was HUPed
Nov 25 22:29:53 jason kernel: tun0: Disabled Privacy Extensions
Nov 25 22:31:04 jason kernel: tun0: Disabled Privacy Extensions
Nov 25 22:38:01 jason pptpd[25853]: MGR: Maximum of 100 connections reduced to 91, not enough IP addresses given
Nov 25 22:38:01 jason pptpd[25854]: MGR: Manager process started
Nov 25 22:38:01 jason pptpd[25854]: MGR: Maximum of 91 connections available
Nov 25 22:42:15 jason pptpd[25916]: MGR: Maximum of 100 connections reduced to 91, not enough IP addresses given
Nov 25 22:42:15 jason pptpd[25917]: MGR: Manager process started
Nov 25 22:42:15 jason pptpd[25917]: MGR: Maximum of 91 connections available
Nov 25 22:50:05 jason kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Nov 25 22:50:05 jason kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Nov 25 22:50:41 jason pptpd[26072]: CTRL: Client 86.15.42.109 control connection started
Nov 25 22:50:41 jason pptpd[26072]: CTRL: Starting call (launching pppd, opening GRE)
Nov 25 22:50:41 jason pppd[26073]: Warning: can't open options file /root/.ppprc: Permission denied
Nov 25 22:50:41 jason pppd[26073]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 25 22:50:41 jason kernel: PPP generic driver version 2.4.2
Nov 25 22:50:41 jason pppd[26073]: pppd 2.4.5 started by root, uid 0
Nov 25 22:50:41 jason pppd[26073]: Using interface ppp0
Nov 25 22:50:41 jason pppd[26073]: Connect: ppp0 <--> /dev/pts/0
Nov 25 22:50:41 jason pptpd[26072]: GRE: Bad checksum from pppd.
Nov 25 22:51:11 jason pppd[26073]: LCP: timeout sending Config-Requests
Nov 25 22:51:11 jason pppd[26073]: Connection terminated.
Nov 25 22:51:11 jason pppd[26073]: Modem hangup
Nov 25 22:51:11 jason pppd[26073]: Exit.
Nov 25 22:51:11 jason pptpd[26072]: GRE: read(fd=6,buffer=611860,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of $
Nov 25 22:51:11 jason pptpd[26072]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 25 22:51:11 jason pptpd[26072]: CTRL: Client 86.15.42.109 control connection finished

Re: cannot connect via pptpd + routing

Post by qwertyjjj »

Could this be a problem?
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
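
Added example (not part of the original posts): in the posted filter table, INPUT and FORWARD each begin with an unconditional jump to RH-Firewall-1-INPUT, and that chain ends in an unconditional REJECT, so rules appended after the jump, including the two ppp+ FORWARD rules quoted above, are never evaluated. The sketch below finds such rules in one table of iptables-save output; the function names and the trimmed SAMPLE are constructed for illustration.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Constructed sample: a trimmed copy of the *filter table posted above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse_chains(text):
    """Map chain name -> [(match_tokens, target, raw_line)] for one table."""
    chains = {}
    for line in text.splitlines():
        if line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A ") and " -j " in line:
            tok = shlex.split(line)
            j = tok.index("-j")
            chains.setdefault(tok[1], []).append((tok[2:j], tok[j + 1], line))
    return chains

def swallows_all(chains, target, seen=()):
    """True if no packet handed to `target` can come back to the caller."""
    if target not in chains or target in seen:
        return target in TERMINAL      # built-in verdict, or unknown/looping
    for match, tgt, _ in chains[target]:
        if tgt == "RETURN":
            return False               # some packets may return to the caller
        if not match and swallows_all(chains, tgt, seen + (target,)):
            return True                # unconditional final verdict reached
    return False

def unreachable_rules(text):
    """Rules that follow an unconditional rule which no packet gets past."""
    chains, dead = parse_chains(text), []
    for rules in chains.values():
        for i, (match, target, _) in enumerate(rules):
            if not match and swallows_all(chains, target):
                dead += [raw for _, _, raw in rules[i + 1:]]
                break
    return dead
```

iptables evaluates a chain top to bottom, so rules like these only take effect when they sit before the jump.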