Trying to use pptp nat/conntrack modules to access VPN server on the internet from a client (W2k, SP2) behind my nat/firewall iptables machine.

Versions used:
  iptables 1.2.9rc1
  pom from cvs snapshot (20031007)

Network setup:
  192.168.168.175 (netmask 255.255.255.0) ==> cisco1 192.168.168.1 ==> cisco2 192.168.120.2 ==> linux nat box 192.168.120.1 ==> (internet) ==> VPN PPTP Server (WatchGuard Technologies, Inc.)

WITHOUT ip_nat_pptp, ip_conntrack_pptp, ip_conntrack_proto_gre, ip_nat_proto_gre loaded:
Connection to external VPN Server works, but just one client at a time may access the VPN server.

WITH the above modules loaded:
Connection can't be established. Packet dump shows: gre encapsulated ppp conf req going out; returning (ppp conf rej) packets show up on the firewall external interface, but don't show up on the internal interface/network; instead they end up being blocked by INPUT firewall rules; looks like they aren't correctly associated with the gre expectation and end up being treated as destined for the firewall locally.

iptables configuration/rules were not changed from previous test, so I'd expect the ruleset to be OK.

Any idea where to start looking?

Yours,
Martin