augusto1770 DD-WRT Novice
Joined: 23 Dec 2007 Posts: 1
Posted: Sun Dec 23, 2007 10:38 Post subject: Forwarding in VPN (not a banal problem)
Hi..
I have a Linksys WRT54GL with DD-WRT v23 SP2 (09/15/06) voip.
I use it to connect to a VPN using a script:
Code:
# Cron job body: once pppd has written its options file, register /tmp/ip-up
# as the ip-up script and restart pppd so that the option takes effect.
# The inner echo uses double quotes so it does not end the outer single-quoted string.
echo 'if [ "`ls /tmp/pptpd_client/options.vpn`" = "/tmp/pptpd_client/options.vpn" ] ; then
  if [ "`tail -1 /tmp/pptpd_client/options.vpn`" != "ip-up-script /tmp/ip-up" ]; then
    echo "ip-up-script /tmp/ip-up" >> /tmp/pptpd_client/options.vpn
    cp /tmp/ip-up /tmp/pptpd_client/ip-up
    killall pppd
  fi
fi' > /tmp/change_ppp_option.startup

# ip-up script run by pppd: $1 = ppp interface, $4 = local IP address, $6 = ipparam value
echo '#!/bin/sh
REMOTESUB=$(/usr/sbin/nvram get pptpd_client_srvsub)
REMOTENET=$(/usr/sbin/nvram get pptpd_client_srvsubmsk)
WANGATEWAY=$(/usr/sbin/nvram get wan_gateway)
case "$6" in
  kelokepptpd)
    /sbin/route add -net $REMOTESUB netmask $REMOTENET dev $1
    /usr/sbin/iptables --insert OUTPUT --source 0.0.0.0/0.0.0.0 --destination $REMOTESUB/$REMOTENET --jump ACCEPT --out-interface $1
    /usr/sbin/iptables --insert INPUT --source $REMOTESUB/$REMOTENET --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface $1
    /usr/sbin/iptables --insert FORWARD --source 0.0.0.0/0.0.0.0 --destination $REMOTESUB/$REMOTENET --jump ACCEPT --out-interface $1
    /usr/sbin/iptables --insert FORWARD --source $REMOTESUB/$REMOTENET --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface $1
    /usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
    if [ "$(/usr/sbin/nvram get pptpd_client_nat)" = "1" ]; then
      /usr/sbin/iptables --table nat --append POSTROUTING --out-interface $1 --jump MASQUERADE
    fi
    ;;
  *)
    ;;
esac
route add -host 10.253.13.1 gw $WANGATEWAY dev vlan1
route add default gw $4 dev $1
#route del default gw $WANGATEWAY
route del 10.13.64.1 dev ppp0
route del -net 88.86.184.0 netmask 255.255.255.0
exit 0' > /tmp/ip-up

# Absolute paths (the originals lacked the leading slash). Both scripts run as
# root, so owner-only permissions are enough; 777 left them world-writable.
chmod 700 /tmp/change_ppp_option.startup
chmod 700 /tmp/ip-up

# Run the check every minute as root
echo '*/1 * * * * root /tmp/change_ppp_option.startup' > /tmp/cron.d/check_pptp
This is my output from iptables --list:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 88.86.184.0/24 anywhere
DROP tcp -- anywhere anywhere tcp dpt:webcache
DROP tcp -- anywhere anywhere tcp dpt:www
DROP tcp -- anywhere anywhere tcp dpt:https
DROP tcp -- anywhere anywhere tcp dpt:telnet
DROP tcp -- anywhere anywhere tcp dpt:69
DROP tcp -- anywhere anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- 88.86.184.0/24 anywhere
ACCEPT all -- anywhere 88.86.184.0/24
ACCEPT all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
lan2wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.100 tcp dpt:1760
ACCEPT udp -- anywhere 192.168.1.100 udp dpt:1760
ACCEPT tcp -- anywhere 192.168.1.100 tcp dpts:1750:1760
ACCEPT udp -- anywhere 192.168.1.100 udp dpts:1750:1760
TRIGGER all -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.1.100
ACCEPT all -- anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 88.86.184.0/24
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
Chain logaccept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain logdrop (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset
Chain trigger_out (1 references)
target prot opt source destination
TRIGGER tcp -- anywhere anywhere tcp dpts:1750:1760 TRIGGER type:out match:1750-1760 relate:1750-1760
TRIGGER udp -- anywhere anywhere udp dpts:1750:1760 TRIGGER type:out match:1750-1760 relate:1750-1760
My problem is the forwarding of ports...
I need to forward ports 1750 to 1760.
The normal forwarding procedure is not working..
I think the script needs a change, because it does not work even though I have disabled the firewall and activated the DMZ on the correct IP.
Please help me!!!
P.S. Excuse me for my bad English.
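Plain `iptables --list` omits the in/out interface columns, so a rule such as the fourth FORWARD entry in the listing above reads as accept-everything even if it is bound to one interface. The following is an added example, not part of the original post: it scans a listing in that format and reports, per chain, the first rule that looks unconditional and how many later rules it would shadow. The function names, the output format and the embedded sample (a constructed excerpt of the listing above) are assumptions.

```shell
#!/bin/sh
# Added example. Reads `iptables --list` output on stdin and prints
# "<chain> <rule number> <rules after it>" for the first rule in each chain
# that shows as ACCEPT / all / anywhere / anywhere with no further match.
find_broad_accepts() {
    awk '
        function report() { if (hit) print chain, hit, n - hit }
        /^Chain /                 { report(); chain = $2; n = 0; hit = 0; next }
        $1 == "target" || NF == 0 { next }   # column header or blank line
        {
            n++
            # Fields: target prot opt source destination [extra matches...]
            if (!hit && $1 == "ACCEPT" && $2 == "all" &&
                $4 == "anywhere" && $5 == "anywhere" && NF == 5)
                hit = n
        }
        END { report() }
    '
}

# Constructed sample: an excerpt of the listing in the post above.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- 88.86.184.0/24 anywhere
ACCEPT all -- anywhere 88.86.184.0/24
ACCEPT all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
lan2wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 88.86.184.0/24
EOF
}

sample_listing | find_broad_accepts
```

A reported rule is only a candidate: `iptables --list FORWARD -v` adds the in/out interface columns and packet counters, which show whether the rule really matches all traffic and whether the rules after it are ever reached.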