Ïðîáðîñ PPtP è GRE

**don-pedro** · 16-05-2014, 10:29

Originally Posted by Pablo Escobar

Êîëëåãè, ïîäñêàæèòå, êàê îðãàíèçîâàòü ïðîáðîñ.

Âîò òàêèå çàêëèíàíèÿ íå ïîìîãàþò

Code:

iptables -A INPUT -i ppp0 -p 47 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p 47 -j ACCEPT
iptables -A FORWARD -p TCP -s ppp0  --dport 1723 -j ACCEPT
iptables -A FORWARD -p TCP -d ppp0 -m state --state ESTABLISHED,RELATED --sport 1723 --dport -j ACCEPT
iptables -A FORWARD -p 47 -s ppp0 -j ACCEPT
iptables -A FORWARD -p 47 -d ppp0 -j ACCEPT

OpenVPN íåæåëàòåëåí, èáî êëèåíòû ìàêîñè î÷. êðèâûå äëÿ íåãî.
Ñïàñèáî.

Ñîîáðàæåíèÿ:
1) ×òî-òî â ýòèõ çàêëèíàíèÿõ íå âèäíî ñîáñòâåííî ïðîáðîñà.
2) pptp over pptp - âîçìîæíî ëè â ïðèíöèïå?..
3) Èç ìîèõ çíàêîìûõ íèêòî íà Tunnelblick íå æàëîâàëñÿ.

**Pablo Escobar** · 16-05-2014, 10:43

Originally Posted by don-pedro

Ñîîáðàæåíèÿ:
1) ×òî-òî â ýòèõ çàêëèíàíèÿõ íå âèäíî ñîáñòâåííî ïðîáðîñà.
2) pptp over pptp - âîçìîæíî ëè â ïðèíöèïå?..
3) Èç ìîèõ çíàêîìûõ íèêòî íà Tunnelblick íå æàëîâàëñÿ.

Êàê-òî òàê, íàâåðíîå? Ïîïðàâèòü ìîæåòå?

Code:

iptables -A INPUT -i ppp0 -p 47 192.168.1.128 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p 47 192.168.1.128 -j ACCEPT
iptables -A FORWARD -p TCP -s ppp0 --dport 1723 —d 192.168.1.128 -j ACCEPT
iptables -A FORWARD -p TCP -d ppp0 -m state --state ESTABLISHED,RELATED --sport 1723 —d 192.168.1.128 -j ACCEPT
iptables -A FORWARD -p 47 -s ppp0 -j ACCEPT
iptables -A FORWARD -p 47 -d ppp0 -j ACCEPT

Tunnelblick íà 10.9 êðýøèòñÿ ó ìåíÿ.

**don-pedro** · 16-05-2014, 10:55

Originally Posted by Pablo Escobar

Êàê-òî òàê, íàâåðíîå? Ïîïðàâèòü ìîæåòå?

Code:

iptables...

Tunnelblick íà 10.9 êðýøèòñÿ ó ìåíÿ.

Ïåðâûé âàðèàíò áûë ïðàâèëüíåå:)
Íî òàì òîëüêî ðàçðåøåíèÿ. Ïðîáðîñà íåò.
Ïðîáðîñ äåëàåòñÿ òèïà òàê:

Code:

-A VSERVER -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.128:1723
-A VSERVER -p 47 -j DNAT --to-destination 192.168.1.128

Íî:
- íàäî óáåäèòüñÿ, ÷òî ïðîâàéäåð íå ðåæåò gre
- ÷òî pptp over pptp (èëè ÷òî òàì ó âàñ íà ppp0) â ïðèíöèïå âîçìîæíî

Tunnelblick êàêîé âåðñèè?

**Pablo Escobar** · 16-05-2014, 11:04

Code:

iptables -A INPUT -i ppp0 -p 47 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p 47 -j ACCEPT
iptables -A FORWARD -p TCP -s ppp0  --dport 1723 -j ACCEPT
iptables -A FORWARD -p TCP -d ppp0 -m state --state ESTABLISHED,RELATED --sport 1723 --dport -j ACCEPT
iptables -A FORWARD -p 47 -s ppp0 -j ACCEPT
iptables -A FORWARD -p 47 -d ppp0 -j ACCEPT
iptables -A VSERVER -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.128:1723
iptables -A VSERVER -p 47 -j DNAT --to-destination 192.168.1.128

Íå ðàáîòàåò.
Ïðîâàéäåð, ïî èäåå, GRE íå áëîêèðóåò.
Tunnelblick 3.4beta26 [sourceforge.net] (build 3828). À äëÿ àéôîíà ÷òî äåëàòü? Tunnelblick íå âàðèàíò.

**don-pedro** · 16-05-2014, 11:25

Originally Posted by Pablo Escobar

Code:

iptables -A INPUT -i ppp0 -p 47 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p 47 -j ACCEPT
iptables -A FORWARD -p TCP -s ppp0  --dport 1723 -j ACCEPT
iptables -A FORWARD -p TCP -d ppp0 -m state --state ESTABLISHED,RELATED --sport 1723 --dport -j ACCEPT
iptables -A FORWARD -p 47 -s ppp0 -j ACCEPT
iptables -A FORWARD -p 47 -d ppp0 -j ACCEPT
iptables -A VSERVER -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.128:1723
iptables -A VSERVER -p 47 -j DNAT --to-destination 192.168.1.128

Íå ðàáîòàåò.

Íåïëîõî áû áûëî óâèäåòü òàáëèöó öåëèêîì.

Originally Posted by Pablo Escobar

Ïðîâàéäåð, ïî èäåå, GRE íå áëîêèðóåò.

Ýòî íóæíî çíàòü òî÷íî, à íå "ïî èäåå".

**Pablo Escobar** · 16-05-2014, 11:39

Originally Posted by don-pedro

Íåïëîõî áû áûëî óâèäåòü òàáëèöó öåëèêîì.

Code:

]$ iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       udp  --  anywhere             anywhere            udp dpt:5xxx to:192.168.1.13:5xxx 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxx to:192.168.1.13:5xxx
VSERVER    all  --  anywhere             89.x.x.x.    
VSERVER    all  --  anywhere             10.y.y.y       
NETMAP     udp  --  anywhere             89.x.x.z	     udp spt:6112 192.168.1.0/24
DNAT       udp  --  anywhere             anywhere            udp dpts:11000:11100 to:192.168.1.11 
DNAT       udp  --  anywhere             anywhere            udp dpt:5xxx to:192.168.1.11 
DNAT       udp  --  anywhere             anywhere            udp dpt:4xxx to:192.168.1.11 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxxx to:192.168.1.11:22 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxxx to:192.168.1.11:443 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxxx to:192.168.1.1:22 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxxx to:192.168.1.10:9443 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
NETMAP     udp  --  192.168.1.0/24       anywhere            udp dpt:6112 89.x.x.z/32
MASQUERADE  all  -- !89.x.x.z	    	 anywhere            
MASQUERADE  all  -- !10.y.y.y	       anywhere            
MASQUERADE  all  --  192.168.1.0/24       192.168.1.0/24      

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain UPNP (1 references)
target     prot opt source               destination         
DNAT       udp  --  anywhere             anywhere            udp dpt:4xxx to:192.168.1.7:4xxx
DNAT       tcp  --  anywhere             anywhere            tcp dpt:5xxxx to:192.168.1.13:5xxxx 

Chain VSERVER (2 references)
target     prot opt source               destination         
UPNP       all  --  anywhere             anywhere            
DNAT       udp  --  anywhere             anywhere            udp dpt:5xxx to:192.168.1.11:5xxx 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:1723 to:192.168.1.128:1723 
DNAT       udp  --  anywhere             anywhere            udp dpt:1723 to:192.168.1.128:1723 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:47 to:192.168.1.128:47 
DNAT       udp  --  anywhere             anywhere            udp dpt:47 to:192.168.1.128:47

**don-pedro** · 16-05-2014, 11:52

Originally Posted by Pablo Escobar

Code:

DNAT       tcp  --  anywhere             anywhere            tcp dpt:1723 to:192.168.1.128:1723 
DNAT       udp  --  anywhere             anywhere            udp dpt:1723 to:192.168.1.128:1723

Âòîðàÿ ñòðî÷êà íå íóæíà. Õîòü è íå ìåøàåò.

Originally Posted by Pablo Escobar

Code:

DNAT       tcp  --  anywhere             anywhere            tcp dpt:47 to:192.168.1.128:47 
DNAT       udp  --  anywhere             anywhere            udp dpt:47 to:192.168.1.128:47

Òóò ìû âèäèì ïðîáðîñ ïîðòà 47, à íå ïðîòîêîëà 47.
Ïðîáðîñ gre â òàáëèöå îòñóòñòâóåò.

**Pablo Escobar** · 16-05-2014, 11:54

Originally Posted by don-pedro

Òóò ìû âèäèì ïðîáðîñ ïîðòà 47, à íå ïðîòîêîëà 47.
Ïðîáðîñ gre â òàáëèöå îòñóòñòâóåò.

Íàó÷èòå, ïîæàëóéñòà.

**don-pedro** · 16-05-2014, 11:57

Originally Posted by Pablo Escobar

Íàó÷èòå, ïîæàëóéñòà.

Íó, ïèñàë æå óæå:

Code:

iptables -A VSERVER -p 47 -j DNAT --to-destination 192.168.1.128

**don-pedro** · 16-05-2014, 12:05

Åù¸, âåðîÿòíî, íàäî

Code:

insmod ip_gre

:)

Thread: Ïðîáðîñ PPtP è GRE

Thread Tools

Rate This Thread

Display

Similar Threads

Ïðîáëåìû ñ l2tp è pptp â Êîðáèëàéíå

Ïðîáðîñ USB ÷åðåç TCP/IP (USB/IP) - ïîäêëþ÷åíèå ïðèíòåðà (ÌÔÓ)

Êòî-íèáóäü íàñòðàèâàë PPtP ïîâåðõ PPPoE?

Ôëåøêà, ssh äîñòóï èç wan, ïðîáðîñ è îòêðûòèå ïîðòîâ èç web èíòåðôåéñà

Ïîäêëþ÷åíèå WL-500gP ïî PPTP

Tags for this Thread

Posting Permissions