v1.2.11. This is on RHEL3v3. I figured if I had to recompile iptables I might as well upgrade while I was at it. It could also be that the hardware device does not support multiple NAT'd GRE packets. I've had problems with some clients using some (not all) Linksys devices. Some others that are based on the Linux kernel are more likely to fail as well (from what I've been told and found in some newsgroups).

Gary

________________________________

From: Craig Nellist [mailto:nellistc@xxxxxxxxx]
Sent: Tue 12/14/2004 5:02 PM
To: Gary W. Smith
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: multiple nat'd clients to poptop

On Tue, 14 Dec 2004 15:02:43 -0800, Gary W. Smith <gary@xxxxxxxxxxxxxxx> wrote:
> >trying to connect to a server which is itself behind a router and NAT'd
>
> You mentioned that you applied the conntrack patch. Did you do this on both the firewalls? I have had success with the following. Note that I have disabled ip_nat_pptp. If I load ip_nat_pptp then only one person can connect and on the first time only. Subsequent attempts fail. I have asked but received no feedback on this as well. But hopefully this will help you as well. I have the conntrack patch applied on the server machine. The clients are behind a hardware router/firewall (not a PC).
> Anyways, here's what I run and the order that I run them in. The firewall currently has two active incoming connections. I did test multiple outgoing connections when I configured it.

Ok, thanks for the info. Which iptables rules do you have running in conjunction with this?

cheers,
Craig