[VPN] Firewall settings for PPTP

For a work project I was trying a PPPoE server and CHAP authentication just would not come up, so I went back to my earlier experience with PPTP (VPN) to see whether it would help. At the time I only got as far as dial-in working and then stopped, because I could not actually get out through my own server. But at least authentication was not a problem.

I originally thought the PPTP clients could not get out because NAT was not set up properly; I did not understand iptables very well at the time. After this week's training and reading around, I found that the real culprit for VPN traffic not getting out was that the hole had not been opened: GRE has to be allowed through. It turns out opening port 1723 only lets clients connect in; outbound traffic still has to go over GRE 47. Once both rules were in place it worked. Writing down my notes here. (In the end I only got the function I actually needed working... awkward.)

#VPN(PPTP)
# TCP port 1723 carries the PPTP control connection (clients dialing in)
/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# the tunnel data is IP protocol 47 (GRE), not a TCP port
/sbin/iptables -A INPUT -p gre -j ACCEPT


PPTP uses IP protocol 47, designed for “General Routing Encapsulation” or GRE packets. A common mistake in configuring firewalls for use with PPTP is to open PPTP port 1723 (allowing connections to be established) but forget to forward GRE protocol type 47 (denying port data from passing through the tunnel). Some operating systems include “PPTP ping” utilities (pptpsrv and pptpclnt in Windows 2000) that verify both PPTP ports are opened.

Port 110 is used by the Post Office Protocol 3 (POP3).

http://compnetworking.about.com/od/vpn/l/bl012101a11.htm
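As an added example (not part of the original post or the quoted article): a small POSIX shell check that reads saved `iptables -S INPUT` output and reports whether both PPTP rules are present, and flags the slip of opening TCP port 47 instead of the GRE protocol. The rulesets it reads at the end are constructed for the demo, not captured from a real host.

```shell
#!/bin/sh
# Audit an INPUT chain (as printed by `iptables -S INPUT`) for the two rules PPTP
# needs: TCP port 1723 for the control connection and IP protocol 47 (GRE) for the
# tunnel data. It also flags the easy slip of writing "-p tcp --dport 47", which
# opens a TCP port, not the GRE protocol, so clients connect but no data flows.
# Rules are read from a file, so the check runs on captured output without root.

pptp_audit() {
    # $1: file holding `iptables -S INPUT` output. Prints one status word;
    # exit status is 0 only when both required rules are present.
    ctl=0; gre=0; bad=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT"*"-p tcp"*"--dport 1723 "*"-j ACCEPT") ctl=1 ;;
            "-A INPUT"*"-p gre "*"-j ACCEPT")                gre=1 ;;
            "-A INPUT"*"-p 47 "*"-j ACCEPT")                 gre=1 ;;
            "-A INPUT"*"-p tcp"*"--dport 47 "*"-j ACCEPT")   bad=1 ;;
        esac
    done < "$1"
    if [ "$ctl" -eq 1 ] && [ "$gre" -eq 1 ]; then
        echo ok
        return 0
    fi
    if [ "$bad" -eq 1 ]; then
        echo "note: '-p tcp --dport 47' opens TCP port 47, not GRE (IP protocol 47)" >&2
    fi
    if [ "$ctl" -eq 0 ]; then echo missing-control; else echo missing-gre; fi
    return 1
}

# Demo on two constructed rulesets (not captured from a real host).
demo=$(mktemp -d)
cat > "$demo/good" <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
EOF
cat > "$demo/port47" <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
EOF
for f in good port47; do
    printf '%s: ' "$f"
    pptp_audit "$demo/$f"
done
rm -rf "$demo"
```

On a live box, `iptables -S INPUT > rules.txt` and then `pptp_audit rules.txt` runs the same check against the real chain.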

Written by: Scottj

Scott. Likes 3C gadgets, loves taking photos.