I was trying to get a PPTPD server to run behind my WRTSL54G router and was trying to manually add the routes to allow it, but I managed to screw up my outgoing PPTP traffic in the process.
The odd thing is, I can get a connection from the wireless fine, but not on the LAN (I have tried plugging my laptop directly in via cable and turning off the wifi, and confirmed that it will not connect that way, only via wifi).
The issue seems to be related to GRE traffic not getting back to the computer on my LAN.
This worked fine w/ the stock layout and I really don't want to reset it, since I have already installed a bunch of SSH and USB packages (and I wouldn't learn anything if I just reset the damn thing).
So, anybody have this problem before? Are there two chains I need to set up, ACCEPT and LAN_ACCEPT? (I thought the wifi and LAN were bridged, but I guess since it's done in software maybe iptables can treat them separately?)
Oh, and here is where it gets really weird: I can VPN into my parents' house fine from the physical LAN, but not my work. They are both configured exactly the same (Fedora 8, Poptop), and since my laptop can access my work VPN on the wifi (and because it worked from my desktop before I started messing w/ iptables) I assume it HAS to be some weird configuration issue with the firewall.
Disconnecting the other VPNs running through my firewall doesn't help either. Conntrack shows GRE connections from both boxes.
Other than this it's running amazingly well. Great job guys (I am on WhiteRussian 0.9 RC6 from x-wrt w/ the swanky web interface).
Thanks in advance guys!
Here is my iptables -L. Perhaps somebody could send me theirs to compare?
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
input_rule all -- anywhere anywhere
input_wan all -- anywhere anywhere
LAN_ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT gre -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
forwarding_wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
output_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.1.5 tcp dpt:1723
ACCEPT udp -- anywhere 192.168.1.5 udp dpt:1723
ACCEPT tcp -- anywhere 192.168.1.5 tcp dpt:500
ACCEPT udp -- anywhere 192.168.1.5 udp dpt:500
ACCEPT tcp -- anywhere 192.168.1.2
ACCEPT udp -- anywhere 192.168.1.2
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
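
An added example, not part of the original post: a small Python check that reads `iptables -L` output like the listing above and reports rules that come after an earlier unconditional ACCEPT/DROP/REJECT for the same protocol in the same chain, so they can never match. Plain `iptables -L` hides interface matches, so a hit is a prompt to re-check with `iptables -L -v -n`, not proof; the sample is a subset of the INPUT chain lines above, and the function names are this example's own.

```python
import re

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
ANY = {"anywhere", "0.0.0.0/0"}
# Constructed sample: a subset of the INPUT chain lines from the post above.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT gre -- anywhere anywhere
"""

def parse_chains(text):
    """Map chain name -> list of (target, prot, source, dest, extra)."""
    chains, rules = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        fields = line.split()
        if head:
            rules = chains.setdefault(head.group(1), [])
        elif rules is not None and len(fields) >= 5 and fields[0] != "target":
            rules.append((fields[0], fields[1], fields[3], fields[4],
                          " ".join(fields[5:])))
    return chains

def is_unconditional(rule):
    """Terminal verdict, any source/destination, no visible match options."""
    target, _prot, src, dst, extra = rule
    return (target in TERMINAL and src in ANY and dst in ANY
            and (not extra or extra.startswith("reject-with")))

def shadowed_rules(text):
    """Return (chain, rule_no, shadowed_by_no, verdict_differs) tuples."""
    findings = []
    for chain, rules in parse_chains(text).items():
        for i, rule in enumerate(rules):
            for j, earlier in enumerate(rules[:i]):
                # An earlier catch-all for "all" or the same protocol wins.
                if is_unconditional(earlier) and earlier[1] in ("all", rule[1]):
                    findings.append((chain, i + 1, j + 1, earlier[0] != rule[0]))
                    break
    return findings

if __name__ == "__main__":
    print(shadowed_rules(SAMPLE))
```

Rule numbers are 1-based positions within the chain, matching `iptables -L --line-numbers`.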