tims
asked on
No incoming port access on ppp connection
Upgraded to kernel 2.4.9 and RedHat 7.1 (from 2.2.13 and 6.2) and I can't telnet, ftp, http or pop3 to the server over the ppp0 connection from outside of my intranet. I can connect to all those ports from the intranet via eth0.
Masquerading is working fine and I can get out to the web but I would like access to the server from work.
I thought it may be a xinetd or tcpserver setup issue. There is no telnet.tcprules or similar or a telnet.cdb plus the /etc/xinetd.d/telnet file contains:
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
Thanks for any help you can give,
Tim.
ASKER
Hi Olidel,
The default route is to ppp0 and the gateway is setup ok. Do you see anything amiss with this...?
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
demon-du.demon. *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         demon-du.demon. 0.0.0.0         UG    0      0        0 ppp0
Just realised that not even ping works from an external source.
Thanks, Tim.
To me your routes look good. However, once I had a problem with a config file. That was "/etc/sysconfig/network"; I had to comment out the GATEWAY parameter to have things working properly. Another problem could be in your masquerading configuration, but I don't know enough about this topic to tell you more.
Hope this can help.
Bye.
Did you check your firewall (ipchains, iptables)?
What does tcpdump tell you, does the host get the packets?
ASKER
Yep there is traffic coming to the server via ppp0 since tcpdump -i ppp0 gives me a whole ream of icmp: echo requests and such when I try to ping or telnet.
I have tried putting a # before GATEWAY in /etc/sysconfig/network and restarting network then the server with no joy.
The rc.firewall script looks like this:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP
Do I need to add something to this script to allow packets coming from ppp0 onto the server but not allow them onto the intranet unless it's part of an intranet established session?
Ta, Tim.
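One way to write the rule set this question asks for, as an added example that is not part of the original thread or its accepted answer: new sessions arriving on ppp0 reach only listed services on the server itself, and the FORWARD chain lets ppp0 send only reply traffic into the intranet. ppp0, eth0 and the four services come from the thread; the trusted source range 203.0.113.0/24 and the `IPT` dry-run switch are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default (prints the commands);
# run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
WAN=ppp0                      # dial-up interface named in the thread
LAN=eth0                      # intranet interface named in the thread
TRUSTED_SRC=203.0.113.0/24    # constructed placeholder for the "work" network
WAN_TCP_PORTS="21 23 80 110"  # ftp, telnet, http, pop3 as listed in the question

build_rules() {
    # Default-deny policies go in before the flush so nothing is open while loading.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # INPUT: packets addressed to the server itself.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -m state --state NEW -j ACCEPT
    for port in $WAN_TCP_PORTS; do
        # New sessions from ppp0 only to listed ports, only from the trusted range.
        $IPT -A INPUT -i "$WAN" -s "$TRUSTED_SRC" -p tcp --dport "$port" \
             --syn -m state --state NEW -j ACCEPT
    done
    $IPT -A INPUT -i "$WAN" -p icmp --icmp-type echo-request \
         -m limit --limit 5/second -j ACCEPT

    # FORWARD: the intranet may open sessions outward; ppp0 may only send replies in.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    # Forwarding is only switched on for a real run, never in the dry run.
    if [ "$IPT" = iptables ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
}

build_rules
```

FTP data connections are matched as RELATED only when the FTP connection-tracking helper module is loaded, so the port 21 rule alone covers just the control channel.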
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Commented that line out, restarted and all is happy. Thanks for your help.
Can you check if your IP routes are good? You can type "route" to do that. You may have an improper route when your PPP connection is up. Your default route is probably your intranet, but what about the IP traffic which is coming through the PPP connection, is it going the right path?
Hope this helps
Bye.