IPTABLES: Allow PPTP IPs to access the Internet

[xyzxyzxyz]

Hi,

I'm running an own PPTP Server, but I can't get it to access the internet.

All my PCs at home run in the 192.168.0.0/24 net,
the PPTP Server has local IP192.168.0.5 and remote IP 192.168.0.80-99.

The router to the internet is at 192.168.0.1, and the IP of eth0 on the machine where the pptpd runs is 192.168.0.4.


I want to be able to connect to the internet trough that VPN and access my local LAN servers (which works fine so far). I can ping internet and local IPs successfully, but can not access them with a browser, or connect to them in any other way.

I have 'accepted' all in/output and forwards.

I am running a Squid proxy on the same machine, and if I do:

iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 80 --to-port 3128

... I can access the internet through Squid, but of course Jabber/ICQ etc. won't work then because it just refers port 80.

But I want the PPTP Clients to connect to the internet directly, if I don't use that rule it's not possible to load any pages. But pinging works all the time. DNS is also working fine, but I can't even access webpages via IP directly.


So how can I allow the PPTP IPs 192.168.0.80-99 to get direct access to the Internet with Iptables?


Thanks in advance!

[coopstah13]

if you have configured all traffic to need to go through the proxy, then any application using internet must be configured to use this proxy

[xyzxyzxyz]

Hi, thanks for the reply,

but I want to not to use the proxy,

so it's like this: PPTP Client -> PPTP Server -> Internet


Regards

[zombykillah]

If I am allowed to redirect you to a howto of a configuration howto for a wrt pptpd server.
____://nuwiki.openwrt.org/oldwiki/PPTPDHowto

iptables -A forwarding_rule -i ppp+ -o $WAN -j ACCEPT

I guess thats the line you are looking for ...

The only problem is, that the parameter $WAN isn't set on your system.
You can write the Internet Interface there (eth0.0 for example)

And maybe you don't have the table "forwarding_rule" ...
Guess FORWARD should work on each system ...

[xyzxyzxyz]

I have already allowed all in/output and forwards, so that can't be the problem, unfortunately.

Weird is that I can ping an IP in the internet, while connected to the PPTP Server, but can't connect to that IP it in a browser then.



Regards

[zombykillah]

Is

iptables -t nat -A PREROUTING -j REDIRECT -i ppp0 -s 192.168.0.0/24 -p tcp --dport 80 --to-port 3128

set? or not?

It says that every trafic from the pptp interface with a destination on port 80 (http) is redirected to the proxy on localhost.
So you ll have to "delete" this rule.

[xyzxyzxyz]

I know, I know.
I've just mentioned it because I thought it might help, it's disabled until I got the routing working.

If I don't set that rule I can't access the internet at all, except pinging.


Regards