Ребят помогите, а то головой уже об стенку размажусь, не могу найти ошибку ...В общем стоит Debian Lenny. Он у нас с одной сетевой картой с внешним ип, и должен соединиться к другому серверу в другой части страны.
eth0 Link encap:Ethernet HWaddr 00:13:d4:91:b8:2b
inet addr:83.49.112.14 Bcast:83.69.212.15 Mask:255.255.255.248
inet6 addr: fe80::213:d4ff:fe91:b82b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:336436 errors:0 dropped:0 overruns:0 frame:0
TX packets:466302 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37754860 (36.0 MiB) TX bytes:37970858 (36.2 MiB)
Interrupt:19 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:33155 errors:0 dropped:0 overruns:0 frame:0
TX packets:33155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1434108 (1.3 MiB) TX bytes:1434108 (1.3 MiB)
root@r0:/script# cat iptables.src
#!/bin/bash
echo "Applying iptables rules ..."
IPT="/sbin/iptables"
DNS="217.67.198.182"
SERVER_IP="83.49.112.14"
DEFAULT_POLICY="DROP"
VPN_SERVER1="77.73.140.46"
# Deleting everything
$IPT -F
$IPT -X
# Allow next:
# Allow unlimited traffic on loopback
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# LOG
# $IPT -A INPUT -d $SERVER_IP -j LOG
# DNS
# Allow connection from DNS servers to source ports 1024-65535 to the port 53 on the SERVER
$IPT -A OUTPUT -p udp -s $SERVER_IP --sport 1024: -d $DNS --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p udp -s $DNS --sport 53 -d $SERVER_IP --dport 1024: -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp -s $SERVER_IP --sport 1024: -d $DNS --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p tcp -s $DNS --sport 53 -d $SERVER_IP --dport 1024: -m state --state ESTABLISHED -j ACCEPT
# ICMP
# Allow ICMP
$IPT -A INPUT -p icmp -s 0/0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp -s $SERVER_IP -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# SSH
$IPT -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 0: --dport 17022 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 17022 --dport 0: -m state --state NEW,ESTABLISHED -j ACCEPT
# HTTP
$IPT -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 1024: --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 80 --dport 1024: -m state --state ESTABLISHED -j ACCEPT
#--- Allow server to download HTTP from internet
$IPT -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 1024: --dport 80 -j ACCEPT
# PPTPD (VPN)
#iptables -A INPUT -p gre -j ACCEPT
#iptables -A INPUT -m tcp -p tcp --dport 1723 -j ACCEPT
$IPT -A INPUT -p tcp --dport 1723 -j ACCEPT
$IPT -A INPUT -p udp --dport 1723 -j ACCEPT
$IPT -A OUTPUT -p 47 -j ACCEPT
$IPT -A INPUT -p 47 -j ACCEPT
$IPT -A INPUT -p tcp --dport 1723 -j ACCEPT
$IPT -A INPUT -i eth0 -p 47 -j ACCEPT
$IPT -A OUTPUT -o eth0 -p 47 -j ACCEPT
$IPT -A INPUT -i eth0 -p udp --dport 1723 -j ACCEPT
$IPT -A OUTPUT -o eth0 -p udp --sport 1723 -j ACCEPT
#$IPT -N PPTPD
#$IPT -A PPTPD -p tcp -d $SERVER_IP --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
#$IPT -A PPTPD -p gre -d $SERVER_IP -j ACCEPT
#$IPT -A PPTPD -p gre -s $SERVER_IP -j ACCEPT
# DROP everything that could go on
$IPT -A INPUT -j $DEFAULT_POLICY
$IPT -A OUTPUT -j ACCEPT
#$DEFAULT_POLICY
$IPT -A FORWARD -j ACCEPT
#$DEFAULT_POLICY
Это на клиенте Debian Lenny.
Сейчас выдает следующее ...
pon sgstr debug nodetach
using channel 301
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8bdcdc85> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8bdcdc85> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8bdcdc85> <pcomp> <accomp>]
^CTerminating on signal 2
Child process pptp 77.73.140.46 --nolaunchpppd (pid 32326) terminated with signal 2
Modem hangup
Connection terminated.
Когда в iptabels разрешаю все ppp работает на ура ...
root@r0:/script# pon sgstr debug nodetach
using channel 305
Using interface ppp1
Connect: ppp1 <--> /dev/pts/4
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x494f5673> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6dbe0fa8> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x494f5673> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x6dbe0fa8> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x6dbe0fa8]
rcvd [LCP EchoReq id=0x0 magic=0x494f5673]
sent [LCP EchoRep id=0x0 magic=0x6dbe0fa8]
rcvd [CHAP Challenge id=0x33 <cf9eba92795831df8825cf85bd7833ec>, name = "pptpd"]
sent [CHAP Response id=0x33 <e1cb82b49b579658e2fad1d9da3b541c00000000000000004a7130bfcf1ad201ed5bbfe7c2f9691a3ec40d3fea27a6eb00>, name = "rootiks"]
rcvd [LCP EchoRep id=0x0 magic=0x494f5673]
rcvd [CHAP Success id=0x33 "S=03B2F00B2ECC417452F274622760AB84A30523D6 M=Access granted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 83.69.212.14>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.210>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.1.210>]
rcvd [IPCP ConfNak id=0x1 <addr 192.168.1.220>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.1.220>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.1.220>]
Cannot determine ethernet address for proxy ARP
local IP address 192.168.1.220
remote IP address 192.168.1.210
Script /etc/ppp/ip-up started (pid 32501)
Script /etc/ppp/ip-up finished (pid 32501), status = 0x0
Кто сталкивался с таким ... подскажите чего сможете ...