How do I enable routing to eth0 without having the ability to communicate amongst pptp clients? I know ip_forward = 1 makes routing of pptp clients possible, but I don't want communication among pptp clients.
1 Answer
You need to block traffic between users with a packet filter.

AlexD
- Do you have any suggestion on how to achieve this using iptables, for example? My clients are connecting using ppp0, ppp1, pppX and the outgoing interface is eth0 – ferdyh May 19 '11 at 16:48
- It would be simpler if you assign IPs to clients from a dedicated subnet, so all you need is one rule per interface to deny traffic on a given interface (pppX) to the given subnet – AlexD May 19 '11 at 17:02
- All pppX devices get an IP from 192.168.50.0/24 and eth0 is on a WAN IP. I also can't seem to get internet traffic over my pptp tunnel. ip_forward is on... – ferdyh May 19 '11 at 17:05
- Seem to have fixed that now using `iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE`. Now the only thing remaining is to block traffic between 192.168.50.0/24 clients... – ferdyh May 19 '11 at 17:10
- All you need is something like `iptables -A INPUT -i ppp0 -d 192.168.50.0/24 -j REJECT` somewhere in /etc/ppp/ip-up.d/ – AlexD May 19 '11 at 17:23
- Worked like a charm :) – ferdyh May 19 '11 at 17:48
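
Packets from one PPTP client to another are routed by the server, so they traverse the FORWARD chain rather than INPUT. The hook below is an added example, not code from the thread: it applies the per-interface rule on FORWARD, validates the interface name, and avoids duplicate rules on reconnect. The file name and function names are hypothetical; the subnet is the one given in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical path:
#   /etc/ppp/ip-up.d/50-isolate-clients
# Assumption: every client gets an address from CLIENT_NET (the pool
# named in the comments above).
CLIENT_NET="192.168.50.0/24"

# Print the iptables rule spec that rejects packets arriving on one ppp
# interface and addressed to the client pool. Returns 1 for anything that
# is not exactly "ppp" followed by digits, so a malformed name never
# reaches the iptables command line.
isolation_rule() {
    ir_if="$1"
    case "$ir_if" in
        ppp*) ;;
        *) return 1 ;;
    esac
    case "${ir_if#ppp}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "FORWARD -i $ir_if -d $CLIENT_NET -j REJECT"
}

# Install the rule once. -C tests for an existing identical rule so that
# reconnects on the same pppN do not stack duplicates; -I puts the rule
# at the top of FORWARD, ahead of any broader ACCEPT.
apply_isolation() {
    ai_rule=$(isolation_rule "$1") || return 1
    # $ai_rule is left unquoted on purpose: it must split into arguments.
    iptables -C $ai_rule 2>/dev/null || iptables -I $ai_rule
}

# Debian's ip-up.d runner exports PPP_IFACE; pppd itself passes the
# interface name as the first argument to ip-up.
hook_if="${PPP_IFACE:-${1:-}}"
if [ -n "$hook_if" ]; then
    apply_isolation "$hook_if"
fi
```

Because the rule sits in FORWARD, clients can still reach the server's own tunnel address and the internet via eth0; only traffic routed back into the client pool is rejected.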