FYI, the reason why you needed GRE is because GRE is PORTless connections and iptables without the GRE module cannot determine which client inside it's for because connection tracking uses ports to track.... but GRE has none... so the module finds what's what and does its little magic.. ;)

-----Original Message-----
From: Urban Spielmann [mailto:spielmann@xxxxxxxxxxxxxxxx]
Sent: Tuesday, May 27, 2003 6:10 PM
To: Ralf Spenneberg
Cc: Netfilter
Subject: AW: Multi PPTP clients behind iptables firewall

Now it works, but I had to do not only

modprobe ip_nat_pptp

also

modprobe ip_nat_proto_gre

I do not know why. But I'm lucky it works.

Regards, Urban

-----Original Message-----
From: Ralf Spenneberg [mailto:lists@xxxxxxxxxxxxxx]
Sent: Tuesday, May 20, 2003 08:16
To: Urban Spielmann
Cc: Netfilter
Subject: Re: Multi PPTP clients behind iptables firewall

On Sat, 2003-05-17 at 05.41, Urban Spielmann wrote:
> Hi
>
> I have Windows-XP-Clients behind a linux firewall ( kernel 2.4.20). I
> do VPN over PPTP to a VPN-Server on the internet.
>
> I configured the iptables and it works fine for ONE client.
>
> But a second client at the same time does not :-(
>
> Do I have to use any patches for kernel 2.4.20?

Yes. You have to use the nat_pptp module. Depending on your kernel you have to patch and recompile your kernel. You will find the patch on http://www.netfilter.org.

Then do a

modprobe ip_nat_pptp

And it should work.

Cheers,

Ralf

--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
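
An added illustration, not part of the original thread and not netfilter's code: PPTP carries its data in enhanced GRE (RFC 2637), whose header has a call ID where TCP and UDP would have ports. This toy model shows a tracker keyed only on addresses sending both clients' return traffic to one host, while one keyed on the call ID keeps them apart; the addresses, call IDs, `NatTable` and the helper functions are constructed for the example.

```python
import struct

PPTP_GRE_PROTO = 0x880B   # protocol type for PPP inside enhanced GRE (RFC 2637)
GRE_KEY_FLAG = 0x2000     # K bit: key field (payload length + call ID) present

def build_gre(call_id, payload=b"ppp"):
    """Constructed sample: minimal enhanced GRE header (K and S set, version 1)."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(payload), call_id, 0) + payload

def gre_call_id(pkt):
    """Return the call ID, the only per-session field in the GRE header."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO or not (flags & GRE_KEY_FLAG):
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class NatTable:
    """Toy model (hypothetical) of inbound demultiplexing on the public address."""
    def __init__(self, use_call_id):
        self.use_call_id = use_call_id
        self.entries = {}

    def _key(self, server, call_id):
        # GRE has no ports: without a GRE-aware module the key is the peer address only.
        return (server, call_id) if self.use_call_id else (server,)

    def learn(self, client, server, call_id):
        """Record a session; call_id is the value the server puts in packets for this client."""
        self.entries[self._key(server, call_id)] = client

    def route_inbound(self, server, pkt):
        """Pick the inside client for a GRE packet arriving from the server."""
        return self.entries.get(self._key(server, gre_call_id(pkt)))

def demo(use_call_id):
    # Constructed addresses: two inside clients talking to one VPN server.
    nat = NatTable(use_call_id)
    nat.learn("192.168.1.10", "203.0.113.5", call_id=100)
    nat.learn("192.168.1.11", "203.0.113.5", call_id=200)
    return [nat.route_inbound("203.0.113.5", build_gre(cid)) for cid in (100, 200)]

if __name__ == "__main__":
    print("address-only key:", demo(False))
    print("call-ID key:     ", demo(True))
```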