Koozali.org: home of the SME Server

pptp adsl Rpm

Sandro

pptp adsl Rpm
« on: February 23, 2001, 07:05:26 PM »
Hi !!!

I downloaded the pptp-adsl RPMs from Charlie and installed them on my 4.1 machine.
(Our ISPs in Austria use PPTP.)

I configured the options.pptp and pap-secrets files as needed.

When I then start ADSL manually (pptp 10.0.0.138 &) or automatically (/etc/init.d/pptp-adsl start), it seems to talk to the ADSL modem, but then I get some messages in my logfile like this one:

Feb 20 17:36:46 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6284 F=0x0000 T=64 (#1)


How can I solve this? Can someone send me any ideas?

PS: parts of my /var/log/message are attached.

Thanx for help

Alessandro
sandro@merlin.at

------------------------------------------------cut /var/log/message -------------------------------------------------
Feb 20 17:36:42 ecomerce (unknown)[1186]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
Feb 20 17:36:43 ecomerce (unknown)[1186]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
Feb 20 17:36:44 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6283 F=0x0000 T=64 (#1)
Feb 20 17:36:44 ecomerce kernel: registered device ppp0
Feb 20 17:36:44 ecomerce pppd[1189]: pppd 2.4.0 started by root, uid 0
Feb 20 17:36:44 ecomerce pppd[1189]: Using interface ppp0
Feb 20 17:36:44 ecomerce pppd[1189]: Connect: ppp0 <--> /dev/ttya0
Feb 20 17:36:44 ecomerce pppd[1189]: sent [LCP ConfReq id=0x1 c 0xcad46273> ]
Feb 20 17:36:46 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6284 F=0x0000 T=64 (#1)
Feb 20 17:36:47 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=60 S=0x00 I=6285 F=0x0000 T=64 (#1)
Feb 20 17:36:48 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6286 F=0x0000 T=64 (#1)
Feb 20 17:36:50 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6287 F=0x0000 T=64 (#1)

Franck PIERRE

Re: pptp adsl Rpm
« Reply #1 on: February 27, 2001, 12:37:59 AM »
Sandro wrote:
> when i then start adsl manually (pptp 10.0.0.138 &) or automatic (/etc/init.d/pptp-adsl start) it seems to talk to
> the adsl modem, but then i get some messages on my logfile like this one:
>
> Feb 20 17:36:46 ecomerce kernel: Packet log: denylog DENY
> eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6284 F=0x0000 T=64 (#1)
>
>
> How can i solve this.  Can someone send me any ideas

I solved this problem in the 4.1.x version of e-smith by adding just one line to /etc/rc.d/init.d/masq:
# Allow PPTP protocol for ADSL connections (Alcatel Speed Touch Home modems)
/sbin/ipchains --append input -p 47 -s 10.0.0.138/32 -d 10.0.0.10/32 -i eth1 -j ACCEPT

You just have to add this line before these:
# These are open to sockets created by connections allowed by ipchains
/sbin/ipchains --append input -p tcp -s 0/0 -d 0/0 1023:65535 -j ACCEPT
/sbin/ipchains --append input -p udp -s 0/0 -d 0/0 1023:65535 -j ACCEPT

Of course, if your Ethernet card doesn't have the 10.0.0.10 IP address and is not eth1, change them.
I know this solution is not ideal, but I don't have enough time to learn how e-smith's templates work (8-(((

If you have any further problems with this package, you can contact me.
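
The following Python script, added here and not part of the thread or of e-smith, parses ipchains "Packet log" lines in the format Sandro posted and builds, for each denied protocol-47 (GRE) flow, a host-to-host ACCEPT rule in the form Franck used. The sample log lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the "Packet log" format shown in the post; the
# 192.0.2.7 line is an invented non-GRE entry added for contrast.
SAMPLE_LOG = """\
Feb 20 17:36:44 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6283 F=0x0000 T=64 (#1)
Feb 20 17:36:44 ecomerce pppd[1189]: Using interface ppp0
Feb 20 17:36:46 ecomerce kernel: Packet log: denylog DENY eth1 PROTO=47 10.0.0.138:65535 10.0.0.140:65535 L=51 S=0x00 I=6284 F=0x0000 T=64 (#1)
Feb 20 17:36:47 ecomerce kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.7:4021 10.0.0.140:23 L=60 S=0x00 I=911 F=0x4000 T=52 (#9)
"""

# Fields: chain, action, interface, IP protocol number, src:port, dst:port
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
)

def denied_flows(log_text, proto=47):
    """Count DENY/REJECT entries for one IP protocol per (iface, src, dst)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = PACKET_LOG.search(line)
        if m and m["action"] in ("DENY", "REJECT") and int(m["proto"]) == proto:
            flows[(m["iface"], m["src"], m["dst"])] += 1
    return flows

def narrow_rule(iface, src, dst, proto=47):
    """Build a rule limited to one source host, one destination host, one interface."""
    for addr in (src, dst):
        ipaddress.IPv4Address(addr)  # ValueError on a malformed address
    if not re.fullmatch(r"[A-Za-z0-9]+", iface):
        raise ValueError(f"unexpected interface name: {iface!r}")
    return (f"/sbin/ipchains --append input -p {proto} "
            f"-s {src}/32 -d {dst}/32 -i {iface} -j ACCEPT")

def suggest_rules(log_text, proto=47):
    """One candidate rule per denied flow, most frequently denied first."""
    flows = denied_flows(log_text, proto)
    return [narrow_rule(*flow, proto=proto) for flow, _ in flows.most_common()]

if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(rule)
```

The destination address in each rule is taken from the log lines themselves. Review every suggested rule before using it, since a denied flow appearing in the log is not by itself a reason to accept it.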

Charlie Brady

Re: pptp adsl Rpm
« Reply #2 on: February 27, 2001, 01:09:43 AM »
Hi Franck

Franck PIERRE wrote:

> I've solved this problem in the 4.1.x version of e-smith in
> adding only one line to the /etc/rc.d/init.d/masq :
> # Allow PPTP protocol for ADSL connections (Alcatel Speed
> Touch Home modems)
> /sbin/ipchains --append input -p 47 -s 10.0.0.138/32 -d
> 10.0.0.10/32 -i eth1 -j ACCEPT

Franck, please don't advocate changing that file. As it says right at the top of the file:

# DO NOT MODIFY THIS FILE!

Instead, just create a file /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowPPTP

containing your rules:

> /sbin/ipchains --append input -p 47 -s 10.0.0.138/32 -d
> 10.0.0.10/32 -i eth1 -j ACCEPT

> I know this solution is not ideal, but i haven't enough time
> to learn how e-smith's templates work (8-(((

Of course you do! :-)

See http://www.e-smith.org/custom/ for details.

Regards

Charlie

Tim Larson

Re: pptp adsl Rpm
« Reply #3 on: March 01, 2001, 05:39:05 PM »
> Instead, just create a file
> /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowPPTP
>
> containing your rules:
>
> > /sbin/ipchains --append input -p 47 -s 10.0.0.138/32 -d
> > 10.0.0.10/32 -i eth1 -j ACCEPT


I have been trying to do the same thing, and I want to stay in line with the templates idea. The strange thing is, the 45AllowPPTP file already exists in the specified directory. I didn't put it there; the file already existed.

Unfortunately, the lines in the file do not show up in the /etc/rc.d/init.d/masq file.  How do I get the template system to use the 45AllowPPTP file and put its contents into the /etc/rc.d/init.d/masq file?

Thanks,

     Tim Larson

Tim Larson

Re: pptp adsl Rpm
« Reply #4 on: March 01, 2001, 08:02:33 PM »
> Unfortunately, the lines in the file do not show up in the
> /etc/rc.d/init.d/masq file.  How do I get the template system
> to use the 45AllowPPTP file and put its contents into the
> /etc/rc.d/init.d/masq file?

I figured out my own problem.  What exists in the template masq file for 45AllowPPTP is as follows:

---------begin
{
    local %services;
    $services{'pptpd'} = $pptpd;

    if ( db_get_prop(\%services, 'pptpd', 'status') eq 'enabled' )
    {
        $OUT .= <<'HERE';
    /sbin/ipchains --append input -p tcp -s 0/0 -d $OUTERNET 1723 -j ACCEPT
    /sbin/ipchains --append input -p 47 -s 0/0 -d $OUTERNET -j ACCEPT
HERE
    }
}
--------end

Apparently, this is a bit of Perl code whose if statement for some reason comes out as false, so it doesn't include it. So I'm going to put this in the custom templates directory, yank all the Perl stuff (except the outernet variable) and it should work. I think.

      Tim Larson