This question is kinda directed to Harald Welte.

The version that I have for ip_conntrack is from patch-o-matic-20031219.tar. Could this be the problem? It seems that there is a slightly more updated version of the ip_nat_* files for PPTP in CVS (7 weeks old). Would those few changes have an impact on what I am seeing?

I've seemed to have mixed success and failures with PPTP. When I get one thing to work something else breaks. I'm sure the answer's out there.

Gary Smith

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Gary W. Smith
> Sent: Wednesday, December 08, 2004 9:14 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: ip conntrack pptp and nat pptp problem
>
> Hello,
>
> I have a problem running both of these modules at one time
> (ip_conntrack_pptp and ip_nat_pptp). Here is my scenario. We have a
> firewall that is running both poptop and pptpclient under RHEL3. The
> firewall can accept incoming pptp sessions without fail. It can also
> make outgoing calls without fail unless ip_nat_pptp is loaded. When
> ip_nat_pptp is loaded the firewall fails on all outgoing requests.
> Clients behind the firewall that need to talk to other pptp servers
> cannot make reliable calls unless ip_nat_pptp is loaded. If loaded they
> work fine...
>
> Originally I was told that this was handled by ip_conntrack_pptp which
> is loaded but seems to have no effect for calls originating behind the
> firewall. Here are the modules that I'm loading and the order that I'm
> loading them in (in case that makes a difference)
>
> /sbin/modprobe ip_conntrack_proto_gre
> /sbin/modprobe ip_conntrack_pptp
> /sbin/modprobe ip_nat_proto_gre
> /sbin/modprobe ip_nat_pptp
> /sbin/modprobe ip_conntrack_irc
> /sbin/modprobe ip_nat_irc
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ip_conntrack_mms
> /sbin/modprobe ip_nat_mms
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ip_gre
> /sbin/modprobe ipt_MASQUERADE
> /sbin/modprobe ip_conntrack
> /sbin/modprobe iptable_nat
>
> Please note that this is a custom kernel with the conntrack_pptp module
> loaded (no other changes) as well as a recompiled iptables to match
> (because of the change table space structures). Iptables is v1.2.11.
>
> This is something that we have been fighting with for several weeks now.
> Any help would be greatly appreciated.
>
> Gary Smith