"Mark Maas" <[EMAIL PROTECTED]> writes: > > When I use the MS pptp client and login to the pptpd server on this machine > i can ping all networks from the client, but cannot reach the internet. > Pinging google.nl results in the name beeing resolved to the ip adress of > google.nl but the request don't ever reach google.nl...

Oh boy... We're getting to the stage where you may have to explain what it is you're trying to accomplish and give a lot more detail about your network topology.

Why are you setting up this PPTP tunnel? Are you using it as an (expensive) way to connect a single machine on the intranet to the Internet through the ADSL (??) on the Linux box? Or are you eventually aiming to have a Windows machine out on the big, bad Internet connect to your intranet through the secure PPTP tunnel and have access to all intranet machines and also the rest of the Internet?

Besides the ADSL on your Linux box, are there any other connections from the intranet to the Internet? Are other machines forwarding traffic through your Linux box right now? Or are they even able to connect to the Internet? Do you have a single external IP address or a block of them?

In a nutshell, what's probably going wrong is that your Windows machine, whatever its original IP address was, reconfigured itself when you started up its PPTP client. It's now using its original IP address only to shuttle packets across the PPTP tunnel to and from the Linux box. For all other purposes, it's using the IP address assigned by the copy of "pppd" running on the Linux box (in the "remote IP address" line in your log). This is presumably some address on the 192.168.8.x network, say 192.168.8.123.

When you ping, say, the intranet gateway "192.168.8.4", from the Windows box, the packet goes out with source IP 192.168.8.123 and destination 192.168.8.4 across the PPTP tunnel. The Linux box forwards the packet out to the "eth0" interface where 192.168.8.4 picks it up and generates a reply. The reply needs to go to 192.168.8.123, and that's fine---the Linux box has configured itself to do proxy ARP for 192.168.8.123, so packets destined for that address go to your Linux box which recognizes that it's destined for the Windows machine and shuttles the packet back across the PPTP tunnel and you get your reply.

Unfortunately, when you ping "google.nl", the packet goes out with source IP 192.168.8.123 across the PPTP tunnel. The Linux box forwards the packet out to the "eth1" interface (because its destination matches the default route), and it goes out to "google.nl" with an internal source IP. It either gets filtered at your or "google.nl"'s ISP perimeter (when the firewalls notice that its source IP is an unroutable address) or "google.nl" actually gets the packet, formulates a reply, and discovers it can't deliver it.

If you really want things to work this way, you need to do source NAT on behalf of the Windows machine (or any other internal machine that's trying to send packets to the Internet through your Linux machine) so packets that hit the Internet can find their way back to your Linux machine through its public (ADSL) IP address.

-- Kevin <[EMAIL PROTECTED]>
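
Added example, not part of the original message: a small Python model of the packet flow described above, showing why the ping to "google.nl" gets no reply without source NAT and how a translation table on the Linux box lets the reply find its way back. `PUBLIC_IP` and `REMOTE_IP` are constructed documentation addresses, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # constructed: stands in for the Linux box's ADSL address
CLIENT_IP = "192.168.8.123"  # the example PPTP-assigned address used in the message
REMOTE_IP = "198.51.100.80"  # constructed: stands in for google.nl
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unroutable(ip):
    """True if ip is a private (RFC 1918) address that the Internet cannot route."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int  # ICMP echo identifier, used here as the connection-tracking key

class LinuxBox:
    """The PPTP server / gateway. On a netfilter kernel, snat=True corresponds to
    a rule such as (assumption, not from the message):
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE"""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # (remote ip, ident) -> original internal source

    def forward_out(self, pkt):
        """Packet arrives from the PPTP tunnel and leaves via eth1."""
        if self.snat and unroutable(pkt.src):
            self.conntrack[(pkt.dst, pkt.ident)] = pkt.src
            return Packet(PUBLIC_IP, pkt.dst, pkt.ident)
        return pkt

    def forward_in(self, pkt):
        """Reply arrives on eth1; undo the translation if state exists."""
        orig = self.conntrack.get((pkt.src, pkt.ident))
        return Packet(pkt.src, orig, pkt.ident) if orig else None

def internet(pkt):
    """The remote host echoes back unless the source address is unroutable."""
    if unroutable(pkt.src):
        return None  # filtered at an ISP perimeter, or the reply is undeliverable
    return Packet(pkt.dst, pkt.src, pkt.ident)

def ping(box, dst=REMOTE_IP):
    """Return the echo reply the Windows client receives, or None if it is lost."""
    reply = internet(box.forward_out(Packet(CLIENT_IP, dst, ident=1)))
    return box.forward_in(reply) if reply else None

if __name__ == "__main__":
    print("without SNAT:", ping(LinuxBox(snat=False)))
    print("with SNAT:   ", ping(LinuxBox(snat=True)))
```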