From: "J.T. Moore" <jtmoore@xxxxxxxxxxxxxxxxxxxxxx>

> You will need to DNAT inbound traffic to TCP port 1723 and the GRE
> protocol (IP Protocol 47). Any NAT or conntracking of GRE requires the
> PPTP connection tracking and NAT helper patch for iptables and kernel
> patch from the iptables patch-o-matic next generation (pom-ng) extras
> repository. This patch was recently broken on 2.6.11 and newer kernels,
> but the latest notes in netfilter-svn say that it's been fixed and will work
> on 2.6.11 and newer.
>

As far as I know, PPTP connection tracking is for the PPTP client going through a firewall, i.e. PPTP masquerade. It is not needed for DNAT of PPTP into a PPTP server.

Cheers.