<div dir="ltr">Yes, just a masquerading issue. I had traffic going out the general internet link set up with an iptables masquerade rule, but none for the ppp1 link. Thus, while the packets were going out, there was no way for them to get back because the remote network hosts had no idea how to reach my private IP addresses on the other side of the ppp1 link.<br>
<br>Set up a nat/masquerade iptables rule allowing all incoming and outgoing, and presto! It worked.<br><br><br><div class="gmail_quote">On Fri, Sep 5, 2008 at 11:43 AM, Ian Gallagher <span dir="ltr"><<a href="mailto:crash@neg9.org">crash@neg9.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Glad to hear it! If you could elaborate on the solution for others to<br>
see, that'd likely be useful as well. Was it just a masquerading<br>
issue?<br>
<br>
<br>
Thanks,<br>
<font color="#888888">-Ian<br>
</font><div><div></div><div class="Wj3C7c"><br>
On Fri, Sep 5, 2008 at 11:25 AM, Michael D. O'Brien <<a href="mailto:obrienmd@gmail.com">obrienmd@gmail.com</a>> wrote:<br>
> Just an FYI, if you see my reply post yesterday, I fixed it. Simple<br>
> iptables issue... I'm a bit embarrassed.<br>
><br>
> On Fri, Sep 5, 2008 at 9:39 AM, Robert Long <<a href="mailto:robert.long@hq.speakeasy.net">robert.long@hq.speakeasy.net</a>><br>
> wrote:<br>
>><br>
>> -----BEGIN PGP SIGNED MESSAGE-----<br>
>> Hash: SHA1<br>
>><br>
>> Fred Morris wrote:<br>
>> > My guess is you don't have routing configured correctly, which is to say<br>
>> > that<br>
>> > the local network clients don't know to choose the ppp1 interface<br>
>> > (whatever its address is) as the "gateway" to the <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a><br>
>> > machines.<br>
>> ><br>
>><br>
>><br>
>> I kinda thought the same, but from how I read the original post I<br>
>> thought the gateway on the local network is what is doing the PPTP, so<br>
>> as long as the local clients have their default GW pointed to that, the<br>
>> GW should figure it out as it has a directly connected route to the<br>
>> remote network.<br>
>><br>
>><br>
>> What could be happening, and what I wasn't able to determine from the<br>
>> original description, is on the remote end where the tunnel is<br>
>> terminated. Hosts there will also need a route back to the local<br>
>> network, so that might be the place to start looking.<br>
>><br>
>><br>
>> If you're not using the default GW on the remote network for this, you'd<br>
>> need to add either A) routes on the remote hosts to point to the GW to<br>
>> the local network - or - B) a route on the remote default GW pointing<br>
>> to the 'local' network via whatever machine is setup as the PPTP end<br>
>> point and allow for ICMP-Redirects (enabled by default). Also make sure<br>
>> that the remote PPTP system has forwarding enabled.<br>
>><br>
>><br>
>> .r'<br>
>> -----BEGIN PGP SIGNATURE-----<br>
>> Version: GnuPG v2.0.9 (GNU/Linux)<br>
>> Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a><br>
>><br>
>> iEYEARECAAYFAkjBYLoACgkQmcorKWFVwQDm8gCgmD5fVm5RufQCegilyCF4c+Hb<br>
>> PFIAoJGsKPKI0BwajDYfEeoaLtZsfAdA<br>
>> =OQ6A<br>
>> -----END PGP SIGNATURE-----<br>
>> _______________________________________________<br>
>> Gslug-general mailing list<br>
>> <a href="mailto:Gslug-general@gslug.org">Gslug-general@gslug.org</a><br>
>> <a href="http://lists.gslug.org/mailman/listinfo/gslug-general" target="_blank">http://lists.gslug.org/mailman/listinfo/gslug-general</a><br>
><br>
><br>
><br>
> --<br>
> Michael O'Brien<br>
> 253-217-7129<br>
><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Michael O'Brien<br>253-217-7129<br>
</div>
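Added example, not part of the thread: a shell check for the condition described in the top reply, an egress interface (ppp1 there) that has no masquerade rule while another link does. It reads `iptables-save -t nat` text; the interface name eth0, the function names and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list egress interfaces with no MASQUERADE rule in
# nat/POSTROUTING, given `iptables-save -t nat` text on stdin.
# Only the -o match is inspected; -s/-d and other matches are ignored.
unmasqueraded_ifaces() {
    awk -v want="$*" '
        /^\*/ { table = $1 }                      # table header, e.g. "*nat"
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; neg = 0; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) { n++; pat[n] = out; inv[n] = neg }
        }
        # iptables semantics: no -o matches every interface, a trailing "+"
        # is a prefix wildcard, "!" inverts the match.
        function hit(ifc, p,    m) {
            if (p == "") return 1
            if (p ~ /\+$/) m = (index(ifc, substr(p, 1, length(p) - 1)) == 1)
            else m = (ifc == p)
            return m
        }
        END {
            k = split(want, w, " ")
            for (j = 1; j <= k; j++) {
                ok = 0
                for (r = 1; r <= n; r++) {
                    m = hit(w[j], pat[r])
                    if (inv[r]) m = !m
                    if (m) ok = 1
                }
                if (!ok) print w[j]
            }
        }
    '
}
# Constructed rulesets; eth0 is an assumed name for the general internet link.
ruleset_before() {   # state described in the post: NAT on one link only
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT'
}
ruleset_after() {    # masquerade added, scoped to the tunnel interface
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' \
        '-A POSTROUTING -o ppp1 -j MASQUERADE' 'COMMIT'
}
ruleset_before | unmasqueraded_ifaces eth0 ppp1   # prints: ppp1
```

On a live gateway the same function can be fed directly: `iptables-save -t nat | unmasqueraded_ifaces eth0 ppp1`. Scoping the rule with `-o ppp1`, as in `ruleset_after`, keeps the translation limited to traffic leaving through the tunnel.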