Добрый день. Сто раз поднималась тема, и я понимаю, что вся проблема в том, что я не совсем понимаю, как работает iptables.
Имею шлюз и локальную сеть. Из локальной сети никто не может подключиться к vpn (pptp) :(
Т.е. подключаемся, но РДП, например, не работает ((
$ iptables-save
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:15 2019
# mangle table: clamp the TCP MSS of SYN packets forwarded out through ppp0
# to the path MTU (ppp0 has mtu 1492 in the ifconfig output below).
# Only SYNs that already advertise an MSS of 1400 or more are rewritten
# (`--mss 1400:65495`), and only on ppp0 -- this is narrower than the `ppp+`
# wildcard used in the nat and filter tables, so SYNs forwarded into any
# other pppN link are left untouched by this rule.
*mangle
:PREROUTING ACCEPT [99735008:95246975054]
:INPUT ACCEPT [14636800:14821707894]
:FORWARD ACCEPT [84958743:80395462970]
:OUTPUT ACCEPT [11669896:14310889844]
:POSTROUTING ACCEPT [96628639:94706352814]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Mar 25 21:03:16 2019
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:16 2019
# nat table: masquerade (source-NAT to the outgoing interface's address)
# everything leaving via enp5s0 (192.168.1.250/24 per ifconfig) and via any
# ppp interface.  `ppp+` matches ppp0 -- the link that holds the public
# address -- and equally any other pppN link that comes up on this host, so
# traffic forwarded into those links is rewritten to the gateway's address
# on that link as well.
# NOTE(review): PPTP sessions from LAN clients that cross this masquerade rely
# on the PPTP conntrack/NAT helper being loaded and attached (see the modprobe
# and nf_conntrack_helper lines further down the page).
*nat
:PREROUTING ACCEPT [40154:4961309]
:INPUT ACCEPT [13637:1279019]
:OUTPUT ACCEPT [1219:86586]
:POSTROUTING ACCEPT [0:0]
# Masquerade toward the 192.168.1.0/24 side too: hosts there see the
# gateway's own 192.168.1.250 as the source of anything forwarded to them.
-A POSTROUTING -o enp5s0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Mon Mar 25 21:03:16 2019
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:16 2019
# filter table.  All three chain policies are ACCEPT and FORWARD carries an
# unconditional `-j ACCEPT`, so every rule in this table is redundant:
# nothing is actually filtered on this gateway.
# If the policies are ever changed to DROP, note that `-i ppp+` also matches
# ppp0, which per the ifconfig output holds the public address (the WAN
# uplink), and that the 1723/tcp and GRE rules carry no `-i` restriction --
# as written, all three would still admit arbitrary inbound traffic from the
# Internet.  There is also no `-m conntrack --ctstate ESTABLISHED,RELATED`
# rule, so reply traffic is only admitted because the policy is ACCEPT.
*filter
:INPUT ACCEPT [8775:3272507]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1191:342246]
# Accepts everything arriving on any ppp interface, including the WAN link ppp0.
-A INPUT -i ppp+ -j ACCEPT
# PPTP control channel (1723/tcp) and GRE data channel, from any interface.
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
# Unconditional: forwarding between LAN, WAN and ppp links is never restricted.
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
$ ifconfig
enp2s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 90:e6:ba:d6:dd:52 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.250 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::204:75ff:fefb:5745 prefixlen 64 scopeid 0x20<link>
ether 00:04:75:fb:57:45 txqueuelen 1000 (Ethernet)
RX packets 72219044 bytes 12696633100 (11.8 GiB)
RX errors 0 dropped 0 overruns 1 frame 0
TX packets 147793060 bytes 198508703763 (184.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 base 0xdc00
enp5s1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::202:44ff:fea5:68e3 prefixlen 64 scopeid 0x20<link>
ether 00:02:44:a5:68:e3 txqueuelen 1000 (Ethernet)
RX packets 168648170 bytes 217096073146 (202.1 GiB)
RX errors 3 dropped 10 overruns 3 frame 0
TX packets 92139194 bytes 29318985423 (27.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 135 bytes 10252 (10.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 135 bytes 10252 (10.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
inet 46.98.77.189 netmask 255.255.255.255 destination 212.115.225.252
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 168516961 bytes 213379342513 (198.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 91208448 bytes 27256542028 (25.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
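# Load the PPTP connection-tracking and NAT helper modules so that GRE
# sessions from LAN clients behind the masquerade can be tracked and NATed
# (each client needs its own GRE call-id mapping).
# Fixes two problems with the original line:
#   - a stray `$` before ip_gre made modprobe try to load a module literally
#     named "$", which fails and aborts the `&&` chain;
#   - the NAT helper has been named nf_nat_pptp (not ip_nat_pptp) for a long
#     time, so the old name is not found on current kernels.
# nf_conntrack is a dependency of nf_conntrack_pptp and is pulled in
# automatically; it is kept here only to preserve the original ordering.
modprobe nf_conntrack_pptp && modprobe nf_conntrack && modprobe ip_gre && modprobe nf_nat_pptp
# NOTE(review): loading the helper is not enough on recent kernels (4.7+),
# where automatic helper assignment is off by default -- the
# net.netfilter.nf_conntrack_helper=1 sysctl shown below (or an explicit
# CT --helper rule) is still required for the helper to attach to flows.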
# sysctl net.netfilter.nf_conntrack_helper=1
Дамп с сервера впн, куда подключаемся
21:52:58.252366 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665118510 ecr 0,nop,wscale 7], length 0
21:52:59.268949 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665119524 ecr 0,nop,wscale 7], length 0
21:53:01.281724 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665121540 ecr 0,nop,wscale 7], length 0
21:53:05.315796 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665125572 ecr 0,nop,wscale 7], length 0