poptop connection problem

On Thursday 24 October 2002 7:17 pm, Sundaram Ramasamy wrote:

> Hi,
>
> I am trying to set up a poptop VPN server on my firewall machine.
>
> eth0 - internet IP
> eth1 - LAN IP (192.168.1.1)
>
> From inside my LAN I was able to make the connection; from outside I was
> not able to make the connection.
>
> tcpdump -i eth0 proto 47 or port 1723
> The above command is not showing any information.
>
> my iptables command:
> iptables -A INPUT -i eth0 -p tcp --dport 1763 -j ACCEPT
> iptables -A INPUT -i eth0 -p 47 -j ACCEPT

What packets are you allowing out ?

Try adding a rule at the end of your INPUT chain just before the default DROP 
to LOG any packets which aren't being accepted to see if you need any extra 
rules.

The fact that it worked from the inside but it doesn't work from the outside 
means that (a) it can be made to work, (b) the problem, if it's with 
netfilter, must be in a rule which specifies the interface or the source 
address, and (c) you can easily capture a working session from the inside to 
see what protocols / ports it does need, to make sure they are allowed from 
the outside.

Are you sure that your ISP doesn't block the ports or protocols needed to 
make this work externally ?

Antony.

-- 

What is this talk of software 'release' ?
Our software evolves and matures until it becomes capable of escape,
leaving a bloody trail of designers and quality assurance people in its wake.
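
Point (c) of the reply, as an added example that is not part of the original thread: a check of a ruleset against the two flows named in the quoted tcpdump filter (TCP port 1723 and IP protocol 47). The function names are hypothetical, and the sample input is the pair of rules quoted in the post.

```shell
#!/bin/sh
# Added example. Checks whether INPUT rules accept a given flow on an interface.
# Simplifications: first-match ordering, port ranges and multiport are ignored.

# Constructed sample input: the two rules exactly as quoted in the post.
SAMPLE_RULES='iptables -A INPUT -i eth0 -p tcp --dport 1763 -j ACCEPT
iptables -A INPUT -i eth0 -p 47 -j ACCEPT'

# accepts_flow RULES IFACE PROTO [DPORT] -> exit 0 if an ACCEPT rule matches.
accepts_flow() {
    rules=$1; iface=$2; proto=$3; dport=${4:-}
    printf '%s\n' "$rules" | awk -v iface="$iface" -v proto="$proto" -v dport="$dport" '
    {
        chain = ""; in_if = ""; p = ""; dp = ""; target = ""
        for (n = 1; n < NF; n++) {
            if ($n == "-A") chain = $(n + 1)
            else if ($n == "-i") in_if = $(n + 1)
            else if ($n == "-p") p = $(n + 1)
            else if ($n == "--dport") dp = $(n + 1)
            else if ($n == "-j") target = $(n + 1)
        }
        if (p == "gre") p = "47"    # rules may name the protocol instead of numbering it
        # An option absent from the rule matches anything.
        if (chain == "INPUT" && target == "ACCEPT" &&
            (in_if == "" || in_if == iface) &&
            (p == "" || p == proto) &&
            (dp == "" || dp == dport))
            found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# pptp_gaps RULES IFACE -> prints one line per flow that no rule accepts.
pptp_gaps() {
    accepts_flow "$1" "$2" tcp 1723 || echo "tcp/1723 (PPTP control) not accepted on $2"
    accepts_flow "$1" "$2" 47 || echo "protocol 47 (GRE) not accepted on $2"
}

pptp_gaps "$SAMPLE_RULES" eth0
```

On a live firewall, pass the output of `iptables -S INPUT` in place of the sample; the parser only looks at the options, so the leading `iptables` word is not required.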
