PPTP connection tracking on Mandrake 10.0 with Kernel 2.6

Hi,
I need PPTP connection tracking on my Mandrake 10.0 NAT router, because there are more private VPN clients accessing the same public VPN server.


What I did:
With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources RPM installed, already patched for PPTP conntrack.


I configured it including GRE and PPTP support. After compiling and restarting I can modprobe "ip_conntrack_pptp" and it's getting properly loaded including the module "ip_conntrack_proto_gre".

But when a VPN client now tries to connect to the VPN server through my NAT router, the router freezes immediately.

So I thought, maybe I have to recompile iptables and downloaded version 1.2.11 from netfilter.org.
But when I do a make in the iptables folder I end up with this:
Extensions found: IPv4:addrtype IPv4:condition IPv4:dstlimit IPv4:IPMARK IPv4:mport IPv4:nth IPv4:osf IPv4:quota IPv4:random IPv4:recent IPv4:time IPv6:ah IPv6:condition IPv6:esp IPv6:frag IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:random IPv6:rt
cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\"  -fPIC -o extensions/libipt_connlimit_sh.o -c extensions/libipt_connlimit.c
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
                 from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
                 from extensions/libipt_connlimit.c:9:
/usr/src/linux/include/asm/byteorder.h:14: error: syntax error before "__u32"
/usr/src/linux/include/asm/byteorder.h:28: error: syntax error before "__u64"
In file included from /usr/src/linux/include/linux/byteorder/little_endian.h:11,
                 from /usr/src/linux/include/asm/byteorder.h:57,
                 from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
                 from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
                 from extensions/libipt_connlimit.c:9:
/usr/src/linux/include/linux/byteorder/swab.h:133: error: syntax error before "__u16"
/usr/src/linux/include/linux/byteorder/swab.h:146: error: syntax error before "__u32"
/usr/src/linux/include/linux/byteorder/swab.h:160: error: syntax error before "__u64"
make: *** [extensions/libipt_connlimit_sh.o] Fehler 1

Now I don't know any further. Can anybody help? Here's my iptables configuration, too: (eth0 is the public interface to the server, eth1 is the private nic)
# Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
*filter
:INPUT ACCEPT [11277:2168399]
:FORWARD DROP [696:122385]
:OUTPUT ACCEPT [4197:782834]
[0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
[3:234] -A INPUT -i eth1 -j DROP
[6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
# Completed on Wed Dec 8 21:10:06 2004
# Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
*nat
:PREROUTING ACCEPT [3345:534190]
:POSTROUTING ACCEPT [29:6416]
:OUTPUT ACCEPT [737:180585]
[711:174322] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 8 21:10:06 2004

