PPTP Nat Module

I know there have been a pile of questions about this module in the past, but 
I can't seem to find any responses about the behaviour I am seeing.

I am currently running a 2.4.23 kernel with the latest officially released 
POM patches applied to it. The network being protected by the firewall is 
providing NAT for the hosts behind it. If the ip_nat_pptp module is loaded, 
none of the protected clients can establish an outbound PPTP session. If the 
conntrack modules are removed, a single session can be established (as would 
be expected).

The remote PPTP server log shows the initial TCP connection, but never sees 
any GRE traffic from the connecting host.

I have seen posts about the local NAT kernel option; I have tried it both ways 
with the same results. If there are any kernel settings in particular that I 
may be missing, please let me know.

My iptables firewall rules include a default policy of DROP for INPUT and 
FORWARD, ACCEPT for OUTPUT. The first line in the rules includes an ACCEPT 
for the INPUT chain for established and related connections. There is also a 
rule allowing any traffic for all protocols to any host which originates from 
the protected network on the internal interface.

-- 
Joshua Jackson
Vortech Consulting
http://www.vortech.net


