Help needed with iptables / php socket bindto

WhiteDog

Well-Known Member
Feb 19, 2008
Hello All,

I am using a socket in php to access an external resource on my website. I use the "bindto" option to attach the socket to the dedicated IP (e.g. 111.10.10.2) of my cPanel account as otherwise the server IP (e.g. 111.10.10.1) is used. This in itself works fine:
PHP:
// Bind outgoing connections to the dedicated IP; port 0 lets the OS pick the source port
$opts['socket'] = array('bindto' => '111.10.10.2:0');
$context = stream_context_create($opts);
For a completely different purpose, I recently enabled pptpd support on my server to use it as a VPN (followed this tutorial). This in itself also works fine.

However, after setting up the PPTP VPN, the PHP code I mentioned earlier is no longer "working". The external resource now reports that I am using the server IP 111.10.10.1 instead of the IP I'm binding to. As the PHP code in itself does not give any errors, it must be the changes made to iptables to make the PPTP VPN work that are causing this.

These are the lines that are added to iptables:
Code:
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
If I comment these lines, the binding works again:
Code:
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I'm no hero with iptables unfortunately. Can someone help me to adapt the above lines so that e.g. they only apply to a certain IP and not the whole network interface?

Many thanks in advance!
 

WhiteDog

I changed:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Into (10.22.222.0/24 is the private range I defined in pptpd):
Code:
iptables -t nat -A POSTROUTING -s 10.22.222.0/24 -o eth0 -j MASQUERADE
Seems to have done the trick :)
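
The unrestricted rule rewrites the source address of every packet leaving eth0 to the interface's primary address, which includes traffic from the socket bound to 111.10.10.2; the `-s` form only touches VPN client traffic. The check below is an added example, not part of the original posts: it flags source NAT rules in `iptables-save` format that have no source restriction. The function names are hypothetical and the sample ruleset is constructed from the addresses in this thread.

```shell
#!/bin/sh
# Added example: flag nat POSTROUTING rules that rewrite the source address
# of everything leaving an interface (no -s / --source restriction).

# Constructed sample in `iptables-save -t nat` format, using the thread's addresses.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.22.222.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Reads rules on stdin; prints each POSTROUTING MASQUERADE/SNAT rule
# that carries no source match (-s, --source or iprange --src-range).
find_unscoped_nat() {
    awk '
    $1 == "-A" && $2 == "POSTROUTING" {
        scoped = 0; nat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source" || $i == "--src-range") scoped = 1
            if (($i == "-j" || $i == "--jump") &&
                ($(i + 1) == "MASQUERADE" || $(i + 1) == "SNAT")) nat = 1
        }
        if (nat && !scoped) print
    }'
}

# Returns 1 when any unscoped rule is found, so it can gate a firewall script.
check_nat_rules() {
    hits=$(find_unscoped_nat)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'unscoped source NAT rule:\n%s\n' "$hits" >&2
    return 1
}

# Demonstration on the constructed sample: prints only the first, unscoped rule.
sample_rules | find_unscoped_nat
```

On a live host the same check can be fed with `iptables-save -t nat | check_nat_rules`.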
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
I am happy to hear you were able to resolve the issue. Thank you for updating the thread with the solution.