RE: Patch-o-matic help


 



> By the way, if you make a custom kernel with the PPTP NAT patch, then it
> may cause problems with running a PPTP server on the same machine (at
> least, I saw this in one case, but I didn't build that kernel so I don't
> know exactly which patch was used).

I have seen this happening too with kernels I built myself.

http://www.netfilter.org/documentation/pomlist/pom-extra.html#pptp-conntrack-nat :
----
Note that this code currently has limitations
- can only NAT connections from PNS to PAC
- doesn't support multiple calls within one session
----

So, what I think I should read here is that it isn't needed (read: you
should not use it) if you have Poptop running on the same box as iptables,
as no conntrack or nat is needed. (Correct me if I'm wrong, but that is
my experience.)

OTOH, if you have pptp clients (*not* a server) behind iptables then you
should only use ip_conntrack_pptp.
When you have this setup, don't load ip_nat_pptp because you won't be
able to connect to Poptop anymore.
In my case, when I don't load ip_conntrack_pptp, then sometimes I can
connect to Poptop and sometimes not. With ip_conntrack_pptp this
behaviour is solved.


Rob


