pptp vpn issue

tydgb@live.cn · Post by **tydgb@live.cn** » 2014/03/18 11:55:19

i have build pptp server on the centos 5.x machine
on the windows client can be connected and ping website is pass.
but can not open some website e.g. facebook and twitter ,
youtube and sina.com baidu.com is nomal open it .
so i don't know why ?
who can help me . thanks

all iptables rule as follow on the centos:
# Generated by iptables-save v1.3.5 on Sun Feb 9 12:15:13 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1492:128481]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -s 192.168.8.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2233 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Feb 9 12:15:13 2014
# Generated by iptables-save v1.3.5 on Sun Feb 9 12:15:13 2014
*nat
:PREROUTING ACCEPT [1980:1314158]
:POSTROUTING ACCEPT [7:471]
:OUTPUT ACCEPT [7:471]
-A POSTROUTING -s 192.168.8.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Feb 9 12:15:13 2014

[tydgb@dengguibao etc]$ cat issue
CentOS release 5.10 (Final)
Kernel \r on an \m

[tydgb@dengguibao etc]$ uname -r
2.6.18-371.4.1.el5xen