
List:       poptop-server
Subject:    Re: [Poptop-server] Ping succeeds but other than that
From:       John873 <johnfu () systems-art ! com ! hk>
Date:       2007-04-18 21:09:52
Message-ID: 10066542.post () talk ! nabble ! com


Hi,
Can anyone solve this problem?
I face exactly the same problem.
I installed poptop 1.3.3 on FC6 using the rpm package. It can ping
everywhere (and tracert), but other services fail, such as browsing.
I used tcpdump on ppp0 on the VPN server. The results are as follows:


21:57:43.380144 IP 10.0.0.101 > qb-in-f99.google.com: ICMP echo request, id 1536, seq 2304, length 40
21:57:43.467496 IP qb-in-f99.google.com > 10.0.0.101: ICMP echo reply, id 1536, seq 2304, length 40
21:57:44.381957 IP 10.0.0.101 > qb-in-f99.google.com: ICMP echo request, id 1536, seq 2560, length 40
21:57:44.469701 IP qb-in-f99.google.com > 10.0.0.101: ICMP echo reply, id 1536, seq 2560, length 40
21:57:47.086181 IP 10.0.0.101.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:57:47.830137 IP 10.0.0.101.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:57:47.834154 IP 10.0.0.101.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:57:47.838012 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 3465147678:3465147683(5) ack 4030983845 win 64231
21:57:48.328030 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 0:5(5) ack 1 win 64231
21:57:48.576037 IP 10.0.0.101.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:57:49.292693 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 0:5(5) ack 1 win 64231
21:57:51.390806 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 0:5(5) ack 1 win 64231
21:57:55.228029 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 0:5(5) ack 1 win 64231
21:57:56.076091 IP 10.0.0.101.4983 > qb-in-f99.google.com.http: S 1900166692:1900166692(0) win 65535 <mss 1360,nop,nop,sackOK>
21:57:56.076117 IP 10.0.0.10 > 10.0.0.101: ICMP host qb-in-f99.google.com unreachable - admin prohibited, length 56
21:57:59.316087 IP 10.0.0.101.4983 > qb-in-f99.google.com.http: S 1900166692:1900166692(0) win 65535 <mss 1360,nop,nop,sackOK>
21:57:59.316109 IP 10.0.0.10 > 10.0.0.101: ICMP host qb-in-f99.google.com unreachable - admin prohibited, length 56
21:58:03.324297 IP 192.168.7.110.4610 > by2msg2204709.phx.gbl.msnp: P 0:10(10) ack 1 win 64231
21:58:05.080177 IP 10.0.0.101.4983 > qb-in-f99.google.com.http: S 1900166692:1900166692(0) win 65535 <mss 1360,nop,nop,sackOK>
21:58:05.080196 IP 10.0.0.10 > 10.0.0.101: ICMP host qb-in-f99.google.com unreachable - admin prohibited, length 56
21:58:12.050161 IP 10.0.0.101.4990 > 210.3.12.83.http: S 422606656:422606656(0) win 65535 <mss 1360,nop,nop,sackOK>
21:58:12.050186 IP 10.0.0.10 > 10.0.0.101: ICMP host 210.3.12.83 unreachable - admin prohibited, length 56
21:58:15.124060 IP 10.0.0.101.4990 > 210.3.12.83.http: S 422606656:422606656(0) win 65535 <mss 1360,nop,nop,sackOK>
21:58:15.124078 IP 10.0.0.10 > 10.0.0.101: ICMP host 210.3.12.83 unreachable - admin prohibited, length 56


IP 10.0.0.101 is the IP of the PPTP client and IP 10.0.0.10 is the IP of the
PPTP server.
The first 4 lines show that the ping to www.google.com succeeds.
But then, when I use IE to go to http://www.google.com, it returns "ICMP host
qb-in-f99.google.com unreachable - admin prohibited, length 56".
Then, when I try to go to http://210.3.12.83 (this is another computer of mine
at another home), it also returns "ICMP host 210.3.12.83 unreachable - admin
prohibited, length 56".

Can anyone help?
Could it be related to firewall, NAT, iptables? But I have turned off
Firewall, SELinux and have NAT only.


Thanks. ^^


Vince John wrote:
> 
> Thanks to all the replies! It is good to know I am not on my own. 
> 
> The situation:
> 
> Client(WinXP)  --- (internet) --- {eth0} poptop server / firewall
> (Sarge) {eth1} --- (LAN) --- target host (win2ksrvr) 
> 
> The win2ksrvr is set up to use the poptop server as its default gateway.
> 
> 
> From client, "ping target.host.ip.addr" succeeds (though the first ping
> on a new connection almost always fails, no matter what timeout I give
> it; subsequent pings on a new connection succeed ([*1] as long as the
> time between ping commands is short enough) which suggests to me that
> routing/NAT/firewalling is not a problem. To be sure, I have ACCEPTed
> all chains and made sure ip_forward = 1. I have also even inserted
> "iptables -t filter -I FORWARD -i ppp0 -o eth1 -j ACCEPT". With tcpdump,
> I see echo requests and echo replies of the ping going in and out of
> ppp0 and eth1. 
> But, when I try to browse the network, I see on ppp0:
> 10:58:23.136203 IP clientIP.on.poptop.srvr.netbios-dgm >
> 255.255.255.255.netbios-dgm: NBT UDP PACKET(138)
> 10:58:23.164167 IP clientIP.on.poptop.srvr.netbios-ns >
> 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST;
> BROADCAST
> but I never see these packets go out eth1. clientIP.on.poptop.srvr is
> one of the remoteip's defined in pptpd.conf. 
> I tried different MTU/MRU combinations; apart from ping, nothing works. 
> 
> *1: Additional info:
> I set MTU/MRU to 1404, according to Mr. Tanel Kindsigo's suggestion,
> though I set those values in /etc/ppp/options. Ifconfig tells me ppp0
> gets an MTU of 1396 (this seems to be the maximum no matter what higher
> values I set in /etc/ppp/options, and this maximum value seems to be the
> default if nothing specified). From client, 'ping target.host.ip.addr'
> works. I increase ping's MTU just to see what happens, thus:
> ping -f -l 1300 target.host.ip.addr
> time to reply becomes longer. 
> I go up and up with MTU, and eventually I get to:
> ping -f -l 1368 target.host.ip.addr
> which still gives me a reply. 
> ping -f -l 1369 target.host.ip.addr
> to 
> ping -f -l 1372 target.host.ip.addr
> times out. 
> ping -f -l 1373 target.host.ip.addr
> gives "Packet needs to be fragmented but DF set". 
> 
> The "tracert target.host.ip.addr" from the client is a little slow to
> execute but gets there in 2 hops. 
> 
> Remarks:
> 1. /etc/init.d/pptpd restart does not always succeed in one go. I always
> check with "tail /var/log/syslog" to see if there are connections
> available, indicating a successful start (after stopping). 
> 2. I am a little confused about which configuration files control which
> processes. Sometimes docs refer to options.pptpd and sometimes to
> pptpd-options, for example. So, please correct me if I'm wrong:
> /etc/ppp/options controls pppd. In here I set mtu/mru (and various other
> things, of course). Changes in this file become active on new
> connections. 
> /etc/pptpd.conf controls pptpd. Changes in this file become active after
> a pptpd restart. In this file there is a line which says:
> options /etc/ppp/pptpd.options
> and thus this file's options are included and also become active after a
> pptpd restart. The contents of this file looks a lot like those of
> /etc/ppp/options; there seem to be 2 places to define some of them (all
> of them?). Do the options in this file override those in
> /etc/ppp/options for pptpd connections? Or are they additional? Or...?
> 3.  In the PPTP client doc there is mentioned a route that needs to be
> added to the linux client, but mine is a WinXP one, and checking the
> WinXP's routing table does seem to add that route by default. Still,
> those network browse request packets arrive on ppp0 but do not go out
> eth1, not even when I add this route by hand on the WinXP client. 
> 
> If there is anything I am overlooking or can test further, please let me
> know; I sure appreciate any suggestion... !
> 
> Thanks!
> 
> 
> > -----Original Message-----
> > From: poptop-server-bounces@lists.sourceforge.net 
> > [mailto:poptop-server-bounces@lists.sourceforge.net] On 
> > Behalf Of Jakob Curdes
> > Sent: Wednesday, April 04, 2007 6:14 PM
> > To: poptop-server@lists.sourceforge.net
> > Subject: Re: [Poptop-server] Ping succeeds but other than that
> > 
> > 
> > > Try ifconfig ppp0 mtu 1404
> > > 
> > This will not last long; after a new dialin it will return to 
> > the old value. MTU and MRU for ppp connections should be set 
> > in the pppd options file.
> > 
> > JC
> > 
> > 
> > _______________________________________________
> > Poptop-server mailing list
> > Poptop-server@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/poptop-server
> > 
> 
> 
> 

-- 
View this message in context: \
http://www.nabble.com/Re%3A-Ping-succeeds-but-other-than-that-tf3524966.html#a10066542
 Sent from the poptop-server mailing list archive at Nabble.com.
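
Added example (not part of the original message or of poptop): a small
Python check run over lines copied from the capture above. It pairs each TCP
SYN with the "admin prohibited" ICMP error for the same destination and
reports which host sent it and how quickly. tcpdump prints ICMP type 3 code 10
this way, which is the error an iptables REJECT rule with
--reject-with icmp-host-prohibited generates. The names analyse and secs and
the 10 ms window are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the capture in the message above, mail line-wrapping undone.
CAPTURE = """\
21:57:43.380144 IP 10.0.0.101 > qb-in-f99.google.com: ICMP echo request, id 1536, seq 2304, length 40
21:57:43.467496 IP qb-in-f99.google.com > 10.0.0.101: ICMP echo reply, id 1536, seq 2304, length 40
21:57:56.076091 IP 10.0.0.101.4983 > qb-in-f99.google.com.http: S 1900166692:1900166692(0) win 65535 <mss 1360,nop,nop,sackOK>
21:57:56.076117 IP 10.0.0.10 > 10.0.0.101: ICMP host qb-in-f99.google.com unreachable - admin prohibited, length 56
21:58:12.050161 IP 10.0.0.101.4990 > 210.3.12.83.http: S 422606656:422606656(0) win 65535 <mss 1360,nop,nop,sackOK>
21:58:12.050186 IP 10.0.0.10 > 10.0.0.101: ICMP host 210.3.12.83 unreachable - admin prohibited, length 56
"""

TS = r"(\d\d):(\d\d):(\d\d\.\d+) IP "
SYN = re.compile(TS + r"(\S+)\.\d+ > (\S+)\.([\w-]+): S ")
# tcpdump prints ICMP type 3 code 10 as "admin prohibited" and code 13 as
# "admin prohibited filter"; only code 10 is matched here.
REJ = re.compile(TS + r"(\S+) > (\S+): ICMP host (\S+) unreachable - admin prohibited(?! filter)")


def secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)


def analyse(capture, window=0.01):
    """Pair each TCP SYN with an ICMP code-10 reject for the same destination."""
    pending = {}          # (client, dst) -> (time of last SYN, service)
    rejected = Counter()  # (rejecting host, dst, service) -> count
    echo_replies = 0
    for line in capture.splitlines():
        if "ICMP echo reply" in line:
            echo_replies += 1
        elif (m := SYN.match(line)):
            h, mi, s, src, dst, svc = m.groups()
            pending[(src, dst)] = (secs(h, mi, s), svc)
        elif (m := REJ.match(line)):
            h, mi, s, rejector, client, dst = m.groups()
            syn = pending.pop((client, dst), None)
            if syn and secs(h, mi, s) - syn[0] <= window:
                rejected[(rejector, dst, syn[1])] += 1
    return echo_replies, rejected


if __name__ == "__main__":
    echo, rejected = analyse(CAPTURE)
    print(f"ICMP echo replies seen: {echo}")
    for (rejector, dst, svc), n in rejected.items():
        print(f"{rejector} rejected {n} SYN(s) to {dst} ({svc}) within 10 ms")
```

Both rejects come from 10.0.0.10, the PPTP server's own tunnel address, about
25 microseconds after the SYN, so the error is generated on the server before
the packet is forwarded; listing the loaded rules with iptables-save and
looking for icmp-host-prohibited in the FORWARD path is the matching check.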



