Hi, I've searched the archives for this subject and found plenty of documentation, but nothing that's worked so far. I have a number of clients behind a router using NAT trying to connect to a server which is itself behind a router and NAT'd. First client can connect no problem, any additional clients generate "GRE: Discarding out of order packet" messages on the server. (The first client stays connected.) I'm using the pptp conntrack patch from pom20031219 with 2.4.24. ip_nat_proto_gre, ip_nat_pptp, ip_conntrack_proto_gre and ip_conntrack_pptp are loaded. iptables has been recompiled and I am able to create rules in the nat table. The server only has one interface and it's IP is 10.10.10.99. The clients connect to 61.61.61.163 -- the NAT for this address is performed on a router at the server end; the server has no visibility of the external address. The local IP range for poptop is 192.168.0.0/24, the remote is 10.10.10.50-10.10.10.60. Should this config be possible and if so, can anyone provide the iptables rules necessary to get it up and running? thanks in advance, Craig
