
No incoming port access on ppp connection

tims asked:
Upgraded to kernel 2.4.9 and RedHat 7.1 (from 2.2.13 and 6.2) and I can't telnet, ftp, http or pop3 to the server over the ppp0 connection from outside of my intranet.  I can connect to all those ports from the intranet via eth0.

Masquerading is working fine and I can get out to the web but I would like access to the server from work.

I thought it may be a xinetd or tcpserver setup issue.  There is no telnet.tcprules or similar or a telnet.cdb plus the /etc/xinetd.d/telnet file contains:

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

Thanks for any help you can give,
Tim.

Commented:
Hi,

Can you check if your IP routes are good? You can type "route" to do that. You may have an improper route when your PPP connection is up. Your default route is probably your intranet, but what about the IP traffic which is coming through the PPP connection, is it going the right path?

Hope this helps.

Bye.

Author

Commented:
Hi Olidel,

The default route is to ppp0 and the gateway is setup ok.  Do you see anything amiss with this...?

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
demon-du.demon. *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         demon-du.demon. 0.0.0.0         UG    0      0        0 ppp0

Just realised that not even ping works from an external source.

Thanks, Tim.

Commented:

To me your routes look good. However, once I had a problem with a config file. That was "/etc/sysconfig/network"; I had to comment out the GATEWAY parameter to have things working properly. Another problem could be in your masquerading configuration, but I don't know enough about this topic to tell you more.

Hope this can help.

Bye.
CERTIFIED EXPERT

Commented:
Did you check your firewall (ipchains, iptables)?
What does tcpdump tell you, does the host get the packets?

Author

Commented:
Yep there is traffic coming to the server via ppp0 since tcpdump -i ppp0 gives me a whole ream of icmp: echo requests and such when I try to ping or telnet.

I have tried putting a # before GATEWAY in /etc/sysconfig/network and restarting network then the server with no joy.

The rc.firewall script looks like this:

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP

Do I need to add something to this script to allow packets coming from ppp0 onto the server but not allow them onto the intranet unless it's part of an intranet established session?

Ta, Tim.
CERTIFIED EXPERT
Commented:
The last two rules in rc.firewall reject connections to your machine.

Author

Commented:
Commented that line out, restarted and all is happy.  Thanks for your help.
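
An alternative to removing the DROP policy, as an added example that is not part of the original thread: keep the default-DROP INPUT policy and accept new ppp0 connections only on the service ports named in the question. The names `fw`, `build_ruleset`, `APPLY` and `ALLOWED_TCP_PORTS` are assumptions made for this sketch, and the FORWARD rules assume eth0 is the only intranet interface.

```shell
#!/bin/sh
# Added example, not from the thread. Names fw, build_ruleset, APPLY and
# ALLOWED_TCP_PORTS are assumptions made for this illustration.
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-21 23 80 110}"  # ftp telnet http pop3
APPLY="${APPLY:-0}"  # 0 = only print the commands, 1 = also run them (root)

# Print one iptables command and, when APPLY=1, execute it.
fw() {
    echo "iptables $*"
    if [ "$APPLY" = "1" ]; then iptables "$@"; fi
}

build_ruleset() {
    fw -F
    fw -t nat -F
    fw -t mangle -F
    fw -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    if [ "$APPLY" = "1" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
    # Replies belonging to sessions that are already tracked.
    fw -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections from any interface except ppp0 (current spelling of
    # the thread's "-i ! ppp0").
    fw -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
    # New connections from ppp0: only the listed TCP service ports.
    for port in $ALLOWED_TCP_PORTS; do
        case "$port" in
            ''|*[!0-9]*) echo "skipping invalid port: $port" >&2; continue ;;
        esac
        fw -A INPUT -i ppp0 -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Optional: answer ping from outside (echo-request only).
    fw -A INPUT -i ppp0 -p icmp --icmp-type echo-request -j ACCEPT
    # Intranet may open sessions outward; ppp0 may only send replies inward.
    fw -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    fw -A FORWARD -i eth0 -o ppp0 -j ACCEPT
    # Anything not accepted above is dropped.
    fw -P INPUT DROP
    fw -P FORWARD DROP
}

build_ruleset
```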
