Thread: Help, PPTP + routing table.

  1. #1

    Help, PPTP + routing table.

    wl500g with 1.9.2.7-3c by Oleg, configured as typical "home gateway"

    My provider gives me static IP in "local" network:
    172.16.13.230 / 255.255.0.0
    Here is routing table for this (router is configured in Static IP mode)
    Code:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.10.10.0      *               255.255.255.0   U     0      0        0 br0
    172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         172.16.0.1      0.0.0.0         UG    0      0        0 eth1
    Using these settings I can access any "local" resources.

    To access outside network I should connect PPTP to 172.16.0.1. I set wl500g up to PPTP and it connects me to internet perfectly.
    After login WEB interface says:
    IP Address: 192.168.6.250
    Subnet Mask: 255.255.255.255
    Gateway: 192.168.9.105

    The routing table for this case as follows:
    Code:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.9.105   *               255.255.255.255 UH    0      0        0 ppp0
    10.10.10.0      *               255.255.255.0   U     0      0        0 br0
    172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         192.168.9.105   0.0.0.0         UG    0      0        0 ppp0
    BUT unfortunately when I log on to PPTP I lose the ability to work with "local" resources from behind the router.
    Though they are available from the router's console...

    During experiments with routing (via terminal) I even made the PPTP routing table identical to the Static one. But local resources are still unavailable


    Can anybody help me?

  2. #2
    would like to switch to russian

    Ok. All you have to do is either investigate what private networks are used in your network, or route all of them and remove the default route.
    e.g.:

    route add -net 10.0.0.0 netmask 255.0.0.0 gw <your default gw>
    route add -net 192.168.0.0 netmask 255.255.0.0 gw <your default gw>
    route add -net 172.16.0.0 netmask 255.240.0.0 gw <your default gw>

    Catch the point?

  3. #3
    I'm law-abiding - it says right in the rules: "English only" <- nothing interesting

    Yes, you are right. But...
    The PPP adapter is assigned IP 192.168.6.250/32 and GW 192.168.9.105.
    This network accepts ONLY internet traffic, not "local" one. So, I should re-route local
    traffic directly to WAN port (172.16.13.230/16, gw 172.16.0.1):

    route add -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.0.1

    But unfortunately this does not work. More than that, as I already wrote, I even tried to make the route table with PPTP the same as it was with static IP. No results

    So, may the troubles be somewhere else? NAT?

    P.S.: 10.10.10.0/24 is my private network behind the router
    Last edited by AE_; 05-03-2005 at 22:10.

  4. #4
    You should also NAT your local connections. In my case it was in post-firewall
    Code:
    #!/bin/sh
    
    # In the NAT table (-t nat), Append a rule (-A) after routing
    # (POSTROUTING) for all packets going out eth1 (-o eth1) which says to
    # MASQUERADE the connection (-j MASQUERADE).
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    and in post-boot similar to yours.
    Code:
    #!/bin/sh
    route add -net Local.Ip.Net.Here netmask Local.Ip.Net.Mask eth1
    route add PPTP.Peer.IP.Here gw Local.IP.Gateway.Here eth1

    Works for me.
    HTH
    Roofcat

  5. #5
    First of all, lines like
    route add -net <net address> netmask <netmask> dev <device>
    are done automatically when you ifup interface.
    Actually I don't see a situation in common life where a user has to manually add such routes.

    Instead, in typical Russian "house networks" (BTW I've connected to one of them) you have several private networks with local resources like a game server, IRC server, other servers AND you have a VPN server.

    So usually house network operator is too lazy (and users usually are not so familiar with TCP/IP stuff) to explain detailed routing tables and make .bat-files for users. Instead they either send via DHCP or give end user one default gateway address.

    So yes, NAT on eth1 may be an issue (at least I have such an issue in one of the router modes, either Static IP or PPTP, don't remember exactly), but most probably it's a routing issue.

    BTW, AE_, how do you add routes - via WEB interface or via command line interface and those post-* scripts? I strongly recommend doing it via CLI (telnet, ssh) for testing purposes and using scripts to automate the process.

    So my scripts:
    post-boot, *** is for external (real) IP address of local resources that accessible via local network
    Code:
    #!/bin/sh
    ifconfig eth1:1 172.20.1.254 netmask 255.255.255.0
    dropbear
    /usr/sbin/smbd -D
    /usr/sbin/nmbd -D
    route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.0.9
    route add -net 192.168.131.0 netmask 255.255.255.0 gw 192.168.0.5
    route add -host *******  gw 192.168.0.5
    route add -host *******  gw 192.168.0.5
    route add -host *******  gw 192.168.0.5
    post-firewall:
    Code:
    #!/bin/sh
    route delete -net default dev eth1
    iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT
    iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE

  6. #6

    Thanks to all, the problem is resolved!

    2 RoofCat: Many thanks!!! You said exactly what I needed. Everything works perfectly now and I'm happy
    Here is my post-firewall:
    Code:
    #!/bin/sh
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    route add -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.0.1
    2Kitsok: yes, I experiment with routes via terminal and after all pptp connections were made. The trick was in masquerading
    Last edited by AE_; 06-03-2005 at 17:25.
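
The fix the thread arrives at (routes alone are not enough; every WAN-side interface that carries LAN traffic also needs a MASQUERADE rule) can be checked mechanically. The script below is an added example, not code from any poster or from the firmware: the function name is hypothetical, the routing table is constructed from the PPTP-mode table in post #1, and the single ppp0 NAT rule is an assumed starting state.

```shell
#!/bin/sh
# Added example. Sample data is constructed from the thread's PPTP-mode
# routing table; the lone ppp0 NAT rule is an assumed starting state.

# Print each WAN-side interface that carries routes but has no MASQUERADE rule.
# $1 = `route` output, $2 = `iptables -t nat -S POSTROUTING` output,
# $3 = LAN interface to skip (its clients are the ones being NATed).
unmasqueraded_ifaces() {
    routes=$1 nat_rules=$2 lan_if=$3
    printf '%s\n' "$routes" |
        awk -v lan="$lan_if" '
            $1 == "Destination" || NF < 8 { next }   # header / short lines
            $NF == "lo" || $NF == lan     { next }   # not an egress to NAT
            !seen[$NF]++                  { print $NF }' |
    while read -r ifc; do
        # A rule counts only if it names this interface as output (-o).
        if ! printf '%s\n' "$nat_rules" |
             grep -Eq -- "-o $ifc( .*)? -j MASQUERADE"; then
            printf '%s\n' "$ifc"
        fi
    done
}

ROUTES_PPTP='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.9.105   *               255.255.255.255 UH    0      0        0 ppp0
10.10.10.0      *               255.255.255.0   U     0      0        0 br0
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.9.105   0.0.0.0         UG    0      0        0 ppp0'

NAT_BEFORE='-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE'

NAT_AFTER="$NAT_BEFORE
-A POSTROUTING -o eth1 -j MASQUERADE"

echo "before fix: $(unmasqueraded_ifaces "$ROUTES_PPTP" "$NAT_BEFORE" br0)"
echo "after fix:  $(unmasqueraded_ifaces "$ROUTES_PPTP" "$NAT_AFTER" br0)"
```

On a live router, pass the real output of `route` and `iptables -t nat -S POSTROUTING` instead of the constructed strings; any interface printed will forward 10.10.10.0/24 packets with their private source address, which hosts on the provider network cannot answer.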
