I have set up the PPTP server successfully. However, I have problems
reaching the external network.

Network Class: 192.168.1.0/24
eth0 for internet and intranet
ppp+ for PPPD use

Here is the iptables script:

iptables -F
iptables -t nat -F

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward


# Enable Masquerading to allow LAN internet access
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j DROP

# Internal Network
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -d 192.168.1.0/24 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Pop3
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# Newsd
iptables -A INPUT -p tcp -m tcp --dport 119 -j ACCEPT
#
# Samba Config
#
iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 --dport 139 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 192.168.1.0/255.255.255.0 --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 192.168.1.0/255.255.255.0 --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/255.255.255.0 --dport 445 -j ACCEPT
# IMAP
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# PPTPD
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

# DNS Server can touch me
iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 0:1023 -j DROP
iptables -A INPUT -p udp -m udp --dport 0:1023 -j DROP

iptables -A FORWARD -j DROP


Can anyone help me?

I am able to connect to the PPTP server using a Windows XP machine, and I
am able to reach the internal network (192.168.1.0).
I have installed Ethereal and here is the log:
1 0.0 192.168.1.240 209.171.52.99 TCP 2628 > http [SYN] Seq=0 Len=0 MSS=1360


It seems that the SYN packet cannot be forwarded to the targeted HTTP
server.


Thanks,
Marquis
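The following is an added example and is not code from the original post. In the posted script the only ACCEPT in the FORWARD chain is the 192.168.1.0/24-to-192.168.1.0/24 rule, so a SYN from 192.168.1.240 to 209.171.52.99 matches nothing before the final `iptables -A FORWARD -j DROP`, and there is no rule for return traffic at all. The script below is a stateful FORWARD policy for the same layout (eth0 carries both internet and intranet, pppd clients on ppp+ get addresses from 192.168.1.0/24). It adds an MSS clamp on the PPP path, because the captured SYN already shows MSS=1360 and oversized replies are a common second failure once forwarding works. The `DRYRUN` variable and the `run` helper are my own conventions: by default the script prints the commands instead of executing them, so it can be read and tested without root; set `DRYRUN=0` and run as root to apply.

```shell
#!/bin/sh
# Added example (not from the original post): stateful FORWARD policy that
# lets PPTP clients on ppp+ reach the internet and the LAN through eth0.
# Assumptions: eth0 is the only wired interface (internet + intranet), pppd
# hands clients addresses from 192.168.1.0/24, and the iptables state and
# TCPMSS modules are available. DRYRUN=1 (default) only prints the commands.
DRYRUN="${DRYRUN:-1}"
WAN=eth0
VPN='ppp+'
LAN=192.168.1.0/24

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRYRUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

pptp_forward_rules() {
    # Routing between interfaces must be on, or FORWARD never sees a packet.
    run sysctl -w net.ipv4.ip_forward=1

    # Default-deny in FORWARD, then open only what the VPN needs.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD

    # Replies for connections that were already allowed, in either direction.
    # This is what the posted ruleset lacks: without it even an accepted
    # outbound SYN gets its SYN/ACK dropped on the way back to ppp+.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections from VPN clients out through eth0 (internet or LAN).
    run iptables -A FORWARD -i "$VPN" -o "$WAN" -s "$LAN" -j ACCEPT

    # Clamp TCP MSS on outbound SYNs: PPP has a smaller MTU than Ethernet,
    # so without this large HTTP replies are silently lost behind the VPN.
    run iptables -t mangle -A FORWARD -o "$WAN" -p tcp \
        --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    # Hide VPN client addresses behind eth0, as the posted script does.
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN" -j MASQUERADE

    # PPTP control channel (TCP 1723) and GRE (protocol 47), on eth0 only.
    run iptables -A INPUT -i "$WAN" -p tcp --dport 1723 -j ACCEPT
    run iptables -A INPUT -i "$WAN" -p 47 -j ACCEPT
}

pptp_forward_rules
```

Order matters: the ESTABLISHED,RELATED rule goes first so that reply packets are accepted regardless of interface, and the ppp+ to eth0 rule only has to cover new connections. The MASQUERADE rule rewrites VPN-to-LAN traffic as well, which is what keeps the poster's working LAN access intact; if you prefer LAN hosts to see the client's real VPN address, add `! -d "$LAN"` to that rule, but then pppd needs its `proxyarp` option so those hosts can reply to an address on the PPP side. None of this changes the PPTP protocol itself, whose MS-CHAPv2 authentication is weak; the firewall fix only gets packets flowing.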