>trying to connect to a server which is itself behind a router and NAT'd You mentioned that you applied the conntrack patch. Did you do this on both the firewalls? I have had success with the following. Note that I have disabled ip_nat_pptp. If I load ip_nat_pptp then only one person can connect and on the first time only. Subsequent attempts fail. I have asked but received no feedback on this as well. But hopefully this will help you as well. Anyways, here's what I run and the order that I run them in. The firewall currently has two active incoming connections I did test multiple outgoing connections when I configured it. /etc/rc.d/rc.local: /sbin/modprobe ip_conntrack_proto_gre /sbin/modprobe ip_conntrack_pptp /sbin/modprobe ip_nat_proto_gre #/sbin/modprobe ip_nat_pptp /sbin/modprobe ip_conntrack_irc /sbin/modprobe ip_nat_irc /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_nat_ftp /sbin/modprobe ip_conntrack_mms /sbin/modprobe ip_nat_mms /sbin/modprobe ipt_LOG /sbin/modprobe ipt_TARPIT /sbin/modprobe ip_gre /sbin/modprobe ipt_MASQUERADE /sbin/modprobe ip_conntrack /sbin/modprobe iptable_nat
