Gday, Ive been tackling pptp-conntrack-nat with kernel 2.6 for the past couple of days and im not getting far. It appears that pptp-conntrack-nat for 2.6 is very experimental and is not working in its current state. It worked well in 2.4. Ive come up with a quick hack, though it isnt very stable and is only limited to a single internal machine. It uses the MARK target to mark gre packets which allows netfilter to track the packets easily. external interface = ppp0 internal pptp client = 192.168.1.50 mark value = 1 iptables -t mangle -A PREROUTING -i ppp0 -p gre -j MARK --set-mark 1 iptables -t nat -A PREROUTING -i ppp0 -p gre -m mark --mark 1 -j DNAT --to 192.168.1.50 iptables -A FORWARD -i ppp0 -p gre -m mark --mark 1 -j ACCEPT Are there any other solutions to getting internal workstations connected to external PPTP servers with connection tracking in 2.6? Assigning external routable addresses to internal machines really isnt an option at the moment. Cheers! -- Rene Cunningham DCLabs Pty Ltd http://www.dclabs.com.au
