How do block internet if PPTP tunnel goes down?

If I do an iptables -L -v command, I get the following output for the FORWARD chain:
Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
65749 4079K TCPMSS     tcp  --  any    any     anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
  11M   14G ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 DROP       all  --  !br0   vlan2   anywhere             anywhere          
    0     0 DROP       all  --  vlan2  any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     all  --  br0    br0     anywhere             anywhere          
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT
107K 7988K ACCEPT     all  --  br0    any     anywhere             anywhere          
    0     0 DROP       all  --  !br0   ppp5    anywhere             anywhere

I read this as "drop any inbound connection to vlan2 (WAN connection) or ppp5 (VPN) unless it comes from br0 (the bridge)". So does this mean that your original suggestion
Code:
#!/bin/sh

# give the tunnel interface a moment to come up before touching the rules
sleep 4

# allow forwarding between the LAN bridge and the tunnel in both directions
iptables -I FORWARD -i br0 -o ppp5 -j ACCEPT
iptables -I FORWARD -i ppp5 -o br0 -j ACCEPT
# kill switch: these three LAN hosts may only leave via ppp5; anything else
# (e.g. the WAN when the tunnel is down) is dropped. -I puts these above
# the firmware's own ACCEPT rules, which is what makes them effective.
iptables -I FORWARD ! -o ppp5 -s 192.168.2.50 -j DROP
iptables -I FORWARD ! -o ppp5 -s 192.168.2.60 -j DROP
iptables -I FORWARD ! -o ppp5 -s 192.168.2.70 -j DROP
# refuse unsolicited connections to the router itself arriving over the tunnel
iptables -I INPUT -i ppp5 -j REJECT
# NAT the LAN hosts' traffic to the tunnel's address on the way out
iptables -t nat -A POSTROUTING -o ppp5 -j MASQUERADE

should work even though br0 is showing a LAN IP instead of a WAN IP?
Not sure unless I try your setup. That script works for OpenVPN; I used it for the longest time until Rmerlin incorporated it in the Policy rules, then I took out the script.
br0 is your WAN port. You have a VLAN2 in the equation. I am not sure.
You need to make some tests. It took me months to figure out Policy rules with scripts.