Port Forwarding with PPTP vpn connection on tomato router

Tim Tisdall tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org
Mon Apr 8 15:29:49 UTC 2013


Okay, my knowledge of iptables is fairly limited...  I was just looking at
the rules on one of my servers and noticed that when I did "iptables
--list" it said under INPUT "ACCEPT     all  --  anywhere
anywhere" but the actual rule was "-A INPUT -i lo -j ACCEPT" which says to
accept all loopback traffic.  So, your duplicate rules may not be
duplicates, it's just not displaying enough information (maybe).  Are you
able to run "iptables-save"?  That outputs the options you'd pass at the
command line to recreate your current rules.


On Mon, Apr 8, 2013 at 11:00 AM, Randy Jonasz <rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

> Hey Tim,
>
> The problem is that when I try to ssh to my computer from outside, the
> connection times out.  I've tried connecting to my vpn ip and the ip my isp
> assigns me but both time out.
>
> Thanks!
>
> Randy
>
>
>
> Oscar Developer
> McMaster University
> 175 Longwood Road South, Suite 201A
> Hamilton ON  L8P 0A1
> 905 525 9140 x27735
>
> *There are too many gentlemen in England by five hundred*
> *--Robert Burnam 1549*
>
>
> On Mon, Apr 8, 2013 at 9:15 AM, Tim Tisdall <tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org> wrote:
>
>> Hey Randy..  What specifically is not working?  We know what you've done
>> and what you're trying to do, but not what the problem is.
>>
>> At first glance, though, you should probably eliminate all those
>> duplicate entries to at least make it easier to wade through.
>>
>> -Tim
>>
>>
>> On Sun, Apr 7, 2013 at 11:59 AM, Randy Jonasz <rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>>
>>> Hi Everyone,
>>>
>>> I was wondering if anyone could help solve a problem I'm having with
>>> port forwarding on a Tomato router set up to connect to a NAS via rsync and
>>> another computer via ssh.  Any help would be greatly appreciated.  Here's
>>> where I am at now:
>>>
>>> Tomato v1.28.0000 MIPSR2-106 K26 USB Mega-VPN
>>> root at Rorty:/tmp/home/root# ip route show
>>> 10.3.12.1 dev ppp0  proto kernel  scope link  src 173.234.144.211
>>> 207.210.24.1 dev vlan2  scope link
>>> 173.234.144.194 via 207.210.24.1 dev vlan2
>>> 192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
>>> 207.210.24.0/22 dev vlan2  proto kernel  scope link  src 207.210.24.187
>>> 127.0.0.0/8 dev lo  scope link
>>> default dev ppp0  scope link
>>> default via 207.210.24.1 dev vlan2
>>> root at Rorty:/tmp/home/root# iptables -L
>>> Chain INPUT (policy DROP)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  0.0.0.0/24           anywhere
>>> DROP       all  --  anywhere             wan-ip.rjonasz.org
>>> DROP       all  --  anywhere             anywhere            state
>>> INVALID
>>> ACCEPT     all  --  anywhere             anywhere            state
>>> RELATED,ESTABLISHED
>>> shlimit    tcp  --  anywhere             anywhere            tcp dpt:ssh
>>> state NEW
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     udp  --  anywhere             anywhere            udp
>>> spt:bootps dpt:bootpc
>>> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
>>>
>>> Chain FORWARD (policy DROP)
>>> target     prot opt source               destination
>>> TCPMSS     tcp  --  anywhere             anywhere            tcp
>>> flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> TCPMSS     tcp  --  anywhere             anywhere            tcp
>>> flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> TCPMSS     tcp  --  anywhere             anywhere            tcp
>>> flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> TCPMSS     tcp  --  anywhere             anywhere            tcp
>>> flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>> ACCEPT     all  --  0.0.0.0/24           anywhere
>>> ACCEPT     all  --  anywhere             0.0.0.0/24
>>>            all  --  anywhere             anywhere            account:
>>> network/netmask: 192.168.1.0/255.255.255.0 name: lan
>>> ACCEPT     all  --  anywhere             anywhere
>>> DROP       all  --  anywhere             anywhere            state
>>> INVALID
>>> TCPMSS     tcp  --  anywhere             anywhere            tcp
>>> flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>> ACCEPT     all  --  anywhere             anywhere            state
>>> RELATED,ESTABLISHED
>>> wanin      all  --  anywhere             anywhere
>>> wanout     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             anywhere
>>> ACCEPT     all  --  anywhere             0.0.0.0/24
>>>
>>> Chain shlimit (1 references)
>>> target     prot opt source               destination
>>>            all  --  anywhere             anywhere            recent: SET
>>> name: shlimit side: source
>>> DROP       all  --  anywhere             anywhere            recent:
>>> UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
>>>
>>> Chain wanin (1 references)
>>> target     prot opt source               destination
>>> ACCEPT     tcp  --  anywhere             192.168.1.11        tcp dpt:ssh
>>> ACCEPT     udp  --  anywhere             192.168.1.11        udp dpt:ssh
>>> ACCEPT     tcp  --  anywhere             ix2-200-TI85JF.rjonasz.org tcp
>>> dpt:rsync
>>> ACCEPT     udp  --  anywhere             ix2-200-TI85JF.rjonasz.org udp
>>> dpt:rsync
>>>
>>> Chain wanout (1 references)
>>> target     prot opt source               destination
>>> root at Rorty:/tmp/home/root# iptables -t nat -L
>>> Chain PREROUTING (policy ACCEPT)
>>> target     prot opt source               destination
>>> WANPREROUTING  all  --  anywhere             wan-ip.rjonasz.org
>>> DROP       all  --  anywhere             192.168.1.0/24
>>>
>>> Chain POSTROUTING (policy ACCEPT)
>>> target     prot opt source               destination
>>> SNAT       tcp  --  192.168.1.0/24       192.168.1.11        tcp
>>> dpt:ssh to:207.210.24.187
>>> SNAT       udp  --  192.168.1.0/24       192.168.1.11        udp
>>> dpt:ssh to:207.210.24.187
>>> SNAT       tcp  --  192.168.1.0/24       ix2-200-TI85JF.rjonasz.org tcp
>>> dpt:rsync to:207.210.24.187
>>> SNAT       udp  --  192.168.1.0/24       ix2-200-TI85JF.rjonasz.org udp
>>> dpt:rsync to:207.210.24.187
>>> MASQUERADE  all  --  anywhere             anywhere
>>> MASQUERADE  all  --  anywhere             anywhere
>>> MASQUERADE  all  --  anywhere             anywhere
>>> MASQUERADE  all  --  anywhere             anywhere
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target     prot opt source               destination
>>>
>>> Chain WANPREROUTING (1 references)
>>> target     prot opt source               destination
>>> DNAT       icmp --  anywhere             anywhere
>>>  to:192.168.1.1
>>> DNAT       tcp  --  anywhere             anywhere            tcp
>>> dpt:2222 to:192.168.1.11:22
>>> DNAT       udp  --  anywhere             anywhere            udp
>>> dpt:2222 to:192.168.1.11:22
>>> DNAT       tcp  --  anywhere             anywhere            tcp
>>> dpt:rsync to:192.168.1.8:873
>>> DNAT       udp  --  anywhere             anywhere            udp
>>> dpt:rsync to:192.168.1.8:873
>>>
>>> Thanks,
>>>
>>> Randy
>>>
>>
>>
>
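The point Tim makes above, that `iptables -L` omits the `-i`/`-o` interface match and so prints distinct rules as identical lines, can be checked mechanically against `iptables-save` output. The script below is an added example, not code from the thread; it runs on a constructed iptables-save excerpt (hypothetical rule set, not Randy's router) and separates rules that are genuinely duplicated from rules that only look alike because they differ by interface, which is the distinction a reviewer needs before pruning "duplicate" ACCEPT rules.

```python
"""Group iptables-save rules by what `iptables -L` (without -v) prints: it omits
the -i/-o interface match, so rules that differ only by interface look identical."""
from collections import defaultdict

# Constructed iptables-save excerpt (hypothetical; not the thread's router output).
SAMPLE_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -i br0 -o vlan2 -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j ACCEPT
COMMIT
"""

def summary_key(tokens):
    """Rule tokens as -L shows them: -i/-o and the interface name are dropped."""
    keep, i = [], 0
    while i < len(tokens):
        if tokens[i] in ("-i", "-o"):
            i += 2  # skip the option and its interface argument
        else:
            keep.append(tokens[i])
            i += 1
    return " ".join(keep)

def apparent_duplicates(save_text):
    """-L summaries shared by more than one -A rule, mapped to the full lines."""
    groups = defaultdict(list)
    for line in save_text.splitlines():
        if line.startswith("-A "):
            groups[summary_key(line.split())].append(line)
    return {k: v for k, v in groups.items() if len(v) > 1}

def classify(save_text):
    """Split shared summaries into true duplicates vs. interface-only differences."""
    true_dupes, by_iface = {}, {}
    for key, lines in apparent_duplicates(save_text).items():
        if len(set(lines)) < len(lines):
            true_dupes[key] = lines
        if len(set(lines)) > 1:
            by_iface[key] = lines
    return true_dupes, by_iface

if __name__ == "__main__":
    for key, lines in classify(SAMPLE_SAVE)[1].items():
        print(f"-L shows [{key}] {len(lines)}x; actual rules:", *lines, sep="\n  ")
```

On a live box, `iptables -L -v` also shows the in/out interface columns, so it is a quicker way to see the same difference without parsing.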