Help! I can't connect to a site when using PPTP IP'S

mark103 · #1 10-23-2011, 04:30 PM

Hi guys,

i need your urgent help, I have a problem connecting to a site through my VPS. I have got XEN VPS 128MB of ram and I'm using CentOS 64-bit OS. I have installed pptp on my vps and i can connect to any sites using with ip 74.11.44.57 without have any problems, but my trouble is when I use a different IP's something is like 74.11.44.19, 74.11.44.3 and so on. When I tried to connect on that site I use www.neobux.com, there are no response and I'm not really sure what the real trouble is. I can connect to that site using with an IP 74.11.44.57 without have any problems, but not for any other IP's that come with random numbers at the end.

Can you tell me why the site I tried to connect did not response?

Any one can tell me why and what the problem is?

mikeA52 · #2 10-23-2011, 08:09 PM

Quote:

Originally Posted by mark103

Hi guys,

i need your urgent help, I have a problem connecting to a site through my VPS. I have got XEN VPS 128MB of ram and I'm using CentOS 64-bit OS. I have installed pptp on my vps and i can connect to any sites using with ip 74.11.44.57 without have any problems, but my trouble is when I use a different IP's something is like 74.11.44.19, 74.11.44.3 and so on. When I tried to connect on that site I use www.neobux.com, there are no response and I'm not really sure what the real trouble is. I can connect to that site using with an IP 74.11.44.57 without have any problems, but not for any other IP's that come with random numbers at the end.

Can you tell me why the site I tried to connect did not response?

Any one can tell me why and what the problem is?

Well it looks like, you are trying to use IP addresses that are not bound to your VPS. Are those IPs that are not "connecting" actually allotted to you?

mark103 · #3 10-23-2011, 09:18 PM

Yes, I'm using one of those IP's each at a time.

When I connecting to a site using with IP 74.11.44.57, it works than any others it won't work.

I'd find it strange, because when I reinstall the OS and I tried to use the IP 74.11.44.19 instead of using than any other IP's then it works.

Something got to do with the firewall rules issue?

nodesouth · #4 10-23-2011, 10:30 PM

Sounds like it could be something to do with your forward rules. I remember having a similar issue on a w2k server several years ago, i could see everything on the network but not not the actual machine i was connected via pptp too.

Not sure if it helps but i have pasted below a iptables from one of my vpn servers i am on with now. It works for both pptpd and openvpn. Its complete apart from some random ports i open. If your on centos jut copy it to:

/etc/sysconfig/iptables

and then

service iptables restart

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat

REROUTING ACCEPT [79:6173]

OSTROUTING ACCEPT [2:365]
:OUTPUT ACCEPT [2:365]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i ppp0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o ppp0 -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

mark103 · #5 10-24-2011, 09:44 AM

Thanks, I have pasted the iptables rules in /etc/sysconfig/iptables and I have restart, but then I get this:

Code:

[root@server1 ~]#service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore v1.3.5: Unknown arg `-j'
Error occurred at line: 28
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]
[root@server1 ~]#

If I try with service iptables save, it will delete some rules.

Do you know what's wrong and how to fix it?

nodesouth · #6 10-24-2011, 09:49 AM

try commenting out the line before the final COMMIT

#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

some machines i have had to do that

mark103 · #7 10-24-2011, 10:00 AM

Thanks, but I still get the same.

Any idea?

mark103 · #8 10-24-2011, 10:11 AM

here's my configuration:

Code:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [79:6173]
:POSTROUTING ACCEPT [2:365]
:OUTPUT ACCEPT [2:365]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i ppp0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o ppp0 -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

nodesouth · #9 10-24-2011, 10:13 AM

the only thing i can see is

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT

ACCEPT needs to be on the end of the line above -j ACCEPT

mark103 · #10 10-24-2011, 10:41 AM

Oh sorry I have forgot to include the ACCEPT at the end of the line. However I have fixed the problem, when I try to connect to the site, there are no response while the server is up and running. The server did not blocked my IP'S.

Do you know why and the problem is?

nodesouth · #11 10-24-2011, 10:50 AM

ahhh i stripped out the allow line for the pptp by accident. Just need to open port 1723 in ip tables with the following line before the COMMIT at the bottom of the file and restart iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT

mark103 · #12 10-24-2011, 11:21 AM

Do I need to replace from this:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

to this?

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT

nodesouth · #13 10-24-2011, 11:33 AM

dont replace it, place the new one underneath. The forst one allows you to ssh in to the server, and this new one allows you to pptp into the server.

Help! I can't connect to a site when using PPTP IP'S

Sponsored Links

Advertise Here

Internet Services

Web Development

Digital Marketing

Consumer Tech