On Wed, 2004-12-08 at 14:24, Ausi wrote:
> Hi,
> I need PPTP connection tracking on my Mandrake 10.0 NAT router.
> Because there are more private VPN Clients accessing the same public VPN
> Server.
>
> What I did:
> With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources
> RPM installed. Already patched for PPTP conntrack.
>
> I configured it including GRE and PPTP support. After compiling and
> restarting I can modprobe "ip_conntrack_pptp" and it's getting properly
> loaded including the module "ip_conntrack_proto_gre".
>
> But when a VPN Client now tries to connect to the VPN Server through my
> NAT router, the router freezes immediately.

uh--that sounds pretty drastic...not saying this will fix it, but did
you also:

  modprobe ip_nat_pptp
  modprobe ip_nat_proto_gre

> So I thought, maybe I have to recompile iptables and downloaded version
> 1.2.11 from netfilter.org.
> But when I do a make in the iptables folder I end up with this:

i think this may not be the best first step...

<snip>

> Here's my iptables configuration, too:
> (eth0 is the public interface to the server, eth1 is the private nic)
>
> > # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> > *filter
> > :INPUT ACCEPT [11277:2168399]
> > :FORWARD DROP [696:122385]
> > :OUTPUT ACCEPT [4197:782834]
> > [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
> > [3:234] -A INPUT -i eth1 -j DROP
> > [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT

how come there's no:

  -A FORWARD -d vpn-server -i eth1 -o eth0 -p 47 -j ACCEPT

> > COMMIT
> > # Completed on Wed Dec 8 21:10:06 2004
> > # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> > *nat
> > :PREROUTING ACCEPT [3345:534190]
> > :POSTROUTING ACCEPT [29:6416]
> > :OUTPUT ACCEPT [737:180585]
> > [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE
> > COMMIT
> > # Completed on Wed Dec 8 21:10:06 2004

-j

--
"When will I learn? The answer to life's problems aren't at the bottom
of a bottle, they're on TV!"
    --The Simpsons
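
Added example, not part of the original thread: a shell check for the two things the reply asks about, the NAT helper modules and a FORWARD rule for GRE (protocol 47). The function names and the sample inputs are hypothetical, constructed from the module names and ruleset quoted above.

```shell
#!/bin/sh
# Constructed sample: the FORWARD rules from the quoted ruleset, counters dropped.
SAMPLE_RULES='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT'

# Constructed sample: the modules the original poster reports as loaded.
SAMPLE_MODULES='ip_conntrack_pptp
ip_conntrack_proto_gre'

# missing_pptp_modules MODULE_LIST  (hypothetical helper)
# Prints every PPTP/GRE module named in the thread that is absent from
# MODULE_LIST (one module name per line).
missing_pptp_modules() {
    for m in ip_conntrack_pptp ip_conntrack_proto_gre \
             ip_nat_pptp ip_nat_proto_gre; do
        printf '%s\n' "$1" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# gre_forward_status RULES  (hypothetical helper)
# Prints how GRE can cross the FORWARD chain in an iptables-save dump:
#   explicit     - an ACCEPT rule matches protocol 47 / gre directly
#   related-only - no GRE rule; GRE passes only if connection tracking
#                  classifies it as RELATED or ESTABLISHED
#   blocked      - neither kind of rule is present
gre_forward_status() {
    if printf '%s\n' "$1" |
        grep -Eq -e '-A FORWARD .*-p (47|gre)( |$).*-j ACCEPT'; then
        echo explicit
    elif printf '%s\n' "$1" |
        grep -Eq -e '-A FORWARD .*--state [A-Z,]*RELATED.*-j ACCEPT'; then
        echo related-only
    else
        echo blocked
    fi
}

echo "missing modules: $(missing_pptp_modules "$SAMPLE_MODULES" | tr '\n' ' ')"
echo "GRE forwarding:  $(gre_forward_status "$SAMPLE_RULES")"
```

On a live router the inputs would come from `cut -d' ' -f1 /proc/modules` and `iptables-save -t filter`.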