Good afternoon
Please help: there is a server that NATs a local network out to the Internet. From the local network PPTP doesn't work, but directly from the server everything works.
$ cat /etc/rc.local
#!/bin/sh -e
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
exit 0
$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 17M packets, 9233M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1166 51800 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 73M packets, 69G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 16M packets, 16G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1166 51800 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
That's the simple iptables setup I have. But for some reason it doesn't work =(
modprobe nf_nat_pptp nf_nat_proto_gre
> Good afternoon
> Please help: there is a server that NATs a local network out to the Internet.
> From the local network PPTP doesn't work, but directly from the server everything
> works.
>
> modprobe nf_nat_pptp nf_nat_proto_gre
Didn't help. I loaded them.
Here is the log from the client
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pppd[3258]: pppd 2.4.7 started by root, uid 0
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pppd[3258]: Using interface ppp0
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pppd[3258]: Connect: ppp0 <--> /dev/pts/2
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 systemd-udevd[3261]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 NetworkManager[914]: <info> [1552499241.4254] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/5)
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 NetworkManager[914]: <info> [1552499241.4413] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 NetworkManager[914]: <info> [1552499241.4414] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pptp[3260]: anon log[main:pptp.c:353]: The synchronous pptp option is NOT activated
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Mar 13 19:47:21 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Mar 13 19:47:22 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Mar 13 19:47:22 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Mar 13 19:47:22 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 26194, peer's call ID 39012).
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_disp:pptp_ctrl.c:977]: Call disconnect notification received (call id 39012)
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[ctrlp_error:pptp_ctrl.c:207]: Result code is 3 'Administrative Shutdown'. Error code is 0, Cause code is 0
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pptp[3273]: anon log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pppd[3258]: Modem hangup
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pppd[3258]: Connection terminated.
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 NetworkManager[914]: <info> [1552499263.1528] devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Mar 13 19:47:43 darksmoke-HP-EliteBook-840-G1 pppd[3258]: Exit.
Logs from the server
Mar 13 20:08:12 server mpd: [L-2] Accepting PPTP connection
Mar 13 20:08:12 server mpd: [L-2] Link: OPEN event
Mar 13 20:08:12 server mpd: [L-2] LCP: Open event
Mar 13 20:08:12 server mpd: [L-2] LCP: state change Initial --> Starting
Mar 13 20:08:12 server mpd: [L-2] LCP: LayerStart
Mar 13 20:08:12 server mpd: [L-2] PPTP: attaching to peer's outgoing call
Mar 13 20:08:12 server mpd: [L-2] Link: UP event
Mar 13 20:08:12 server mpd: [L-2] LCP: Up event
Mar 13 20:08:12 server mpd: [L-2] LCP: state change Starting --> Req-Sent
Mar 13 20:08:12 server mpd: [L-2] LCP: SendConfigReq #1
Mar 13 20:08:12 server mpd: [L-2] ACFCOMP
Mar 13 20:08:12 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:12 server mpd: [L-2] MRU 1500
Mar 13 20:08:12 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:12 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:12 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:12 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:12 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:14 server mpd: [L-2] LCP: SendConfigReq #2
Mar 13 20:08:14 server mpd: [L-2] ACFCOMP
Mar 13 20:08:14 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:14 server mpd: [L-2] MRU 1500
Mar 13 20:08:14 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:14 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:14 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:14 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:14 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:16 server mpd: [L-2] LCP: SendConfigReq #3
Mar 13 20:08:16 server mpd: [L-2] ACFCOMP
Mar 13 20:08:16 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:16 server mpd: [L-2] MRU 1500
Mar 13 20:08:16 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:16 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:16 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:16 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:16 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:18 server mpd: [L-2] LCP: SendConfigReq #4
Mar 13 20:08:18 server mpd: [L-2] ACFCOMP
Mar 13 20:08:18 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:18 server mpd: [L-2] MRU 1500
Mar 13 20:08:18 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:18 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:18 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:18 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:18 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:20 server mpd: [L-2] LCP: SendConfigReq #5
Mar 13 20:08:20 server mpd: [L-2] ACFCOMP
Mar 13 20:08:20 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:20 server mpd: [L-2] MRU 1500
Mar 13 20:08:20 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:20 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:20 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:20 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:20 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:22 server mpd: [L-2] LCP: SendConfigReq #6
Mar 13 20:08:22 server mpd: [L-2] ACFCOMP
Mar 13 20:08:22 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:22 server mpd: [L-2] MRU 1500
Mar 13 20:08:22 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:22 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:22 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:22 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:22 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:24 server mpd: [L-2] LCP: SendConfigReq #7
Mar 13 20:08:24 server mpd: [L-2] ACFCOMP
Mar 13 20:08:24 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:24 server mpd: [L-2] MRU 1500
Mar 13 20:08:24 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:24 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:24 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:24 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:24 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:26 server mpd: [L-2] LCP: SendConfigReq #8
Mar 13 20:08:26 server mpd: [L-2] ACFCOMP
Mar 13 20:08:26 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:26 server mpd: [L-2] MRU 1500
Mar 13 20:08:26 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:26 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:26 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:26 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:26 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:28 server mpd: [L-2] LCP: SendConfigReq #9
Mar 13 20:08:28 server mpd: [L-2] ACFCOMP
Mar 13 20:08:28 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:28 server mpd: [L-2] MRU 1500
Mar 13 20:08:28 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:28 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:28 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:28 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:28 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:30 server mpd: [L-2] LCP: SendConfigReq #10
Mar 13 20:08:30 server mpd: [L-2] ACFCOMP
Mar 13 20:08:30 server mpd: [L-2] PROTOCOMP
Mar 13 20:08:30 server mpd: [L-2] MRU 1500
Mar 13 20:08:30 server mpd: [L-2] MAGICNUM 0x9c26a8d0
Mar 13 20:08:30 server mpd: [L-2] AUTHPROTO CHAP MSOFTv2
Mar 13 20:08:30 server mpd: [L-2] MP MRRU 2048
Mar 13 20:08:30 server mpd: [L-2] MP SHORTSEQ
Mar 13 20:08:30 server mpd: [L-2] ENDPOINTDISC [802.1] 00 e0 4c f0 e7 1f
Mar 13 20:08:33 server mpd: [L-2] LCP: parameter negotiation failed
Mar 13 20:08:33 server mpd: [L-2] LCP: state change Req-Sent --> Stopped
Mar 13 20:08:33 server mpd: [L-2] LCP: LayerFinish
Mar 13 20:08:33 server mpd: [L-2] PPTP call terminated
Mar 13 20:08:33 server mpd: [L-2] Link: DOWN event
Mar 13 20:08:33 server mpd: [L-2] LCP: Close event
Mar 13 20:08:33 server mpd: [L-2] LCP: state change Stopped --> Closed
Mar 13 20:08:33 server mpd: [L-2] LCP: Down event
Mar 13 20:08:33 server mpd: [L-2] LCP: state change Closed --> Initial
Mar 13 20:08:33 server mpd: [L-2] Link: SHUTDOWN event
Mar 13 20:08:33 server mpd: [L-2] Link: Shutdown
I don't have a server at hand right now to check, but in my notes I found
modprobe nf_conntrack_pptp
modprobe nf_conntrack
modprobe ip_gre
modprobe ip_nat_pptp
iptables -t raw -A PREROUTING -p tcp -m tcp --dport 1723 -j CT --helper pptp
and/or
sysctl net.netfilter.nf_conntrack_helper=1
Didn't help :(
Maybe I can provide some other logs or dumps. I don't know what else to do anymore ((((
I think the problem is in iptables
> I think the problem is in iptables
I read that one needs to add
iptables -A FORWARD -p gre -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 1723 -j ACCEPT
In total it came out to
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -p gre -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 1723 -j ACCEPT
# iptables-save
# Generated by iptables-save v1.6.0 on Mon Mar 18 21:29:53 2019
*mangle
:PREROUTING ACCEPT [23373714:21963126921]
:INPUT ACCEPT [3605782:3584020218]
:FORWARD ACCEPT [19740598:18372555897]
:OUTPUT ACCEPT [2907491:3714033020]
:POSTROUTING ACCEPT [22648089:22086588917]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Mar 18 21:29:53 2019
# Generated by iptables-save v1.6.0 on Mon Mar 18 21:29:53 2019
*nat
:PREROUTING ACCEPT [2:76]
:INPUT ACCEPT [1:44]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Mar 18 21:29:53 2019
# Generated by iptables-save v1.6.0 on Mon Mar 18 21:29:53 2019
*filter
:INPUT ACCEPT [9925:540972]
:FORWARD ACCEPT [109:8987]
:OUTPUT ACCEPT [11329:32024556]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m tcp --sport 1723 -j ACCEPT
-A FORWARD -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
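An added example, not code from anyone in the thread: a small POSIX shell audit that reads an iptables-save dump and reports which of the pieces suggested above (MASQUERADE in nat, GRE accepted in FORWARD, the pptp conntrack helper attached to tcp/1723 in the raw table) are absent. The sample dump is constructed after the final dump posted above, which has no *raw table at all; the helper and rule names are the ones from the thread, and the file paths are mktemp placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for what a
# PPTP client behind a MASQUERADE NAT needs. Kernel modules (nf_nat_pptp,
# nf_nat_proto_gre) and the nf_conntrack_helper sysctl are not visible in a
# dump, so they are not checked here.

# has_rule DUMP TABLE REGEX: succeed if REGEX matches a line inside *TABLE.
has_rule() {
    awk -v t="*$2" -v re="$3" '
        /^\*/               { cur = $0 }
        cur == t && $0 ~ re { found = 1 }
        END                 { exit found ? 0 : 1 }' "$1"
}

# check_pptp_passthrough DUMP: print one "missing: ..." line per absent rule
# and return how many are missing (0 means the dump looks complete).
check_pptp_passthrough() {
    dump=$1; n=0
    has_rule "$dump" nat '^-A POSTROUTING .*-j MASQUERADE' ||
        { echo "missing: nat POSTROUTING MASQUERADE"; n=$((n + 1)); }
    has_rule "$dump" raw '^-A PREROUTING .*-p tcp .*--dport 1723 .*-j CT --helper pptp' ||
        { echo "missing: raw PREROUTING -j CT --helper pptp for tcp/1723"; n=$((n + 1)); }
    has_rule "$dump" filter '^-A FORWARD .*-p gre .*-j ACCEPT' ||
        { echo "missing: filter FORWARD ACCEPT for GRE (protocol 47)"; n=$((n + 1)); }
    # tcp/1723 needs its own FORWARD rule only when the chain policy is not ACCEPT
    if ! has_rule "$dump" filter '^:FORWARD ACCEPT'; then
        has_rule "$dump" filter '^-A FORWARD .*-p tcp .*--dport 1723 .*-j ACCEPT' ||
            { echo "missing: filter FORWARD ACCEPT for tcp/1723"; n=$((n + 1)); }
    fi
    return $n
}

# Constructed sample modelled on the thread's final dump: nat and filter only, no *raw.
BEFORE=$(mktemp); AFTER=$(mktemp)
cat > "$BEFORE" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p gre -j ACCEPT
COMMIT
EOF
# The same dump with the raw-table helper rule from the thread added in front.
{ printf '%s\n' '*raw' ':PREROUTING ACCEPT [0:0]'
  printf '%s\n' '-A PREROUTING -p tcp -m tcp --dport 1723 -j CT --helper pptp' 'COMMIT'
  cat "$BEFORE"; } > "$AFTER"
check_pptp_passthrough "$BEFORE" || echo "before: $? rule(s) missing"
check_pptp_passthrough "$AFTER" && echo "after: complete"
```

Run it against a real `iptables-save` output file to see which of the three pieces a host is actually missing.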