Help needed with iptables / php socket bindto

Discussion in 'Bind / DNS / Nameserver Issues' started by WhiteDog, Aug 12, 2013.

  1. WhiteDog

    Hello All,

    I am using a socket in PHP to access an external resource on my website. I use the "bindto" option to attach the socket to the dedicated IP (e.g. 111.10.10.2) of my cPanel account, as otherwise the server IP (e.g. 111.10.10.1) is used. This in itself works fine:
    PHP:
    // Bind outgoing connections to the dedicated IP; port 0 lets the OS pick the source port.
    $opts['socket'] = array('bindto' => '111.10.10.2:0');
    $context = stream_context_create($opts);
    For a completely different purpose, I recently enabled pptpd support on my server to use it as a VPN (followed this tutorial). This in itself also works fine.

    However, after setting up the PPTP VPN, the PHP code I mentioned earlier is no longer "working". The external resource now reports that I am using the server IP 111.10.10.1 instead of the IP I'm binding to. As the PHP code in itself does not give any errors, it must be the changes made to iptables to make the PPTP VPN work that are causing this.

    These are the lines that are added to iptables:
    Code:
    iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -i eth0 -p gre -j ACCEPT
    iptables -A OUTPUT -p gre -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
    If I comment out these lines, the binding works again:
    Code:
    iptables -A OUTPUT -p gre -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
    I'm no hero with iptables unfortunately. Can someone help me to adapt the above lines so that e.g. they only apply to a certain IP and not the whole network interface?

    Many thanks in advance!
     
  2. WhiteDog

    I changed:
    Code:
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    Into (10.22.222.0/24 is the private range I defined in pptpd):
    Code:
    iptables -t nat -A POSTROUTING -s 10.22.222.0/24 -o eth0 -j MASQUERADE
    Seems to have done the trick :)
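
The change above works because a MASQUERADE rule matching only `-o eth0` applies to every packet leaving that interface, including connections the server itself opens from 111.10.10.2, and rewrites their source to the interface's own address. As an added example that is not part of the original thread, this shell function flags such unscoped rules in `iptables-save` output; the function names and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list source-NAT rules in the nat table's
# POSTROUTING chain that carry no source match, reading iptables-save text on stdin.

find_unscoped_snat() {
    awk '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && i < NF) target = $(i + 1)
                # -s/--source, or --src-range from the iprange match, limit the rule
                if ($i == "-s" || $i == "--source" || $i == "--src-range") scoped = 1
            }
            if ((target == "MASQUERADE" || target == "SNAT") && !scoped) print
        }
    '
}

# Constructed sample: nat table with the rule as first added for the VPN.
sample_before() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: the same table after limiting the rule to the pptpd range.
sample_after() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.22.222.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

echo "unscoped rules before the change:"; sample_before | find_unscoped_snat
echo "unscoped rules after the change:";  sample_after  | find_unscoped_snat
```

On a live server the same check is `iptables-save -t nat | find_unscoped_snat`, run as root.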
     