PPTP has No Internet Access after CSF enabled

GreenVine Member
edited March 2014 in Help

I am installing PPTP on my CentOS 6.5 OpenVZ. It works fine if I disable CSF, flush all iptables settings and run:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 12.12.34.56

(12.12.34.56 is my server primary IP)

However, if I enable CSF, the VPN can still connect, but there is no Internet access.

I tried to figure out this issue by adding the code mentioned above into csfpre.sh, but still no success.

How can I solve this problem?

Thanks!

Comments

  • ATHK Member

    This is probably overkill, but this is my csfpre.sh:

    iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT 
    iptables -A INPUT -i venet0 -p gre -j ACCEPT 
    iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE 
    iptables -A FORWARD -i ppp+ -o venet0 -j ACCEPT 
    iptables -A FORWARD -i venet0 -o ppp+ -j ACCEPT 
    
    iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT 
    iptables -A INPUT -i eth0 -p gre -j ACCEPT 
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
    iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT 
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT 
    
    iptables -t nat -A POSTROUTING -j SNAT --to YOURIP
    iptables -A INPUT -p 47 -j ACCEPT
    

    This was the only way I could get it to work for me. Make sure those ports are allowed in csf.conf.

    Thanked by 1 GreenVine
  • @ATHK said:
    This is probably overkill, but this is my csfpre.sh:

    iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT 
    iptables -A INPUT -i venet0 -p gre -j ACCEPT 
    iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE 
    iptables -A FORWARD -i ppp+ -o venet0 -j ACCEPT 
    iptables -A FORWARD -i venet0 -o ppp+ -j ACCEPT 
    
    iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT 
    iptables -A INPUT -i eth0 -p gre -j ACCEPT 
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
    iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT 
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT 
    
    iptables -t nat -A POSTROUTING -j SNAT --to YOURIP
    iptables -A INPUT -p 47 -j ACCEPT
    

    This was the only way I could get it to work for me. Make sure those ports are allowed in csf.conf.

    Well, I tried your script and succeeded. Thanks for your help :D

  • ATHK Member
    edited March 2014

    Brilliant! Just don't ask me why! I gathered information off various sites when googling; that was the only combination that worked for me.

  • ATHK said: Brilliant! Just don't ask me why! I gathered information off various sites when googling; that was the only combination that worked for me.

    Well, I think it is possible to remove all lines related to venet0, as I do not have such a network device on the server?

  • Probably CSF didn't add the iptables rule to allow the GRE protocol, or it defaults to allowing only white-listed protocols.

    When you added

    iptables -A INPUT -i eth0 -p gre -j ACCEPT

    or

    iptables -A INPUT -p 47 -j ACCEPT
    (most likely this one...a more general version of the previous rule)

    you allowed GRE packets to properly pass into your IPTables processing engine.

    See ya...

    d.c.
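
The rules discussed in the comments above, turned into a check: this is an added example, not code from any poster in the thread. It reads `iptables-save` output and reports which of the PPTP prerequisites (TCP 1723, GRE, forwarding for `ppp+`, source NAT) are absent, and flags a NAT rule that is not limited by source or interface. The function names `pptp_audit`, `_has` and `_miss` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for the rules
# a PPTP server needs when CSF manages the firewall.
# Live use, as root:  iptables-save | pptp_audit 10.0.0.0/24

# _has REGEX: succeed if any line of the dump matches the extended regex.
_has() { printf '%s\n' "$_dump" | grep -Eq -e "$1"; }

# _miss TEXT: report a missing required rule and mark the audit as failed.
_miss() { echo "MISSING $1"; _rc=1; }

# pptp_audit VPN_SUBNET: read the dump on stdin, print one finding per line,
# return 1 if a required rule is missing (warnings alone return 0).
pptp_audit() {
    _subnet=$1; _dump=$(cat); _rc=0

    # Control channel: TCP 1723 must reach the PPTP daemon.
    _has '^-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT' || _miss 'tcp/1723 INPUT accept'
    # Data channel: GRE is IP protocol 47, not a port, so a port allow-list
    # never covers it. iptables-save may print it as "gre" or "47".
    _has '^-A INPUT .*-p (gre|47) .*-j ACCEPT' || _miss 'GRE INPUT accept'
    # Tunnel traffic has to be forwarded in both directions.
    _has '^-A FORWARD .*-i ppp\+ .*-j ACCEPT' || _miss 'FORWARD from ppp+'
    _has '^-A FORWARD .*-o ppp\+ .*-j ACCEPT' || _miss 'FORWARD to ppp+'
    # Client addresses need source NAT on the way out.
    _nat=$(printf '%s\n' "$_dump" | grep -E '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' || true)
    [ -n "$_nat" ] || _miss 'POSTROUTING SNAT/MASQUERADE'

    # A NAT rule with neither -s nor -o rewrites every packet leaving the
    # host, not just VPN clients; flag it so it can be scoped.
    printf '%s\n' "$_nat" | grep -Ev -e ' -s | -o |^$' | sed 's/^/WARN unscoped NAT: /'
    printf '%s\n' "$_nat" | grep -Fq -e "-s $_subnet " ||
        echo "WARN no NAT rule limited to $_subnet"
    return "$_rc"
}
```
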

  • Well, I am experiencing another issue :(

    The VPN kept running for 2 days with no settings edited, but today I got a 619 error when connecting. I can connect to another server's PPTP VPN anyway.

    How do I address this issue?

    Thanks :D
