Hi Florian
Yes after add this rull with small modifycation work perfect.
Thanks for this !
Martin
> On 6 Oct 2022, at 16:43, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Martin Zaharinov <micron10@xxxxxxxxx> wrote:
>> Huh
>> Very strange in kernel 6.0.0 i not found : net.netfilter.nf_conntrack_helper
>>
>>
>> in old kernel 5.19.14 in sysctl -a | grep net.netfilter.nf_conntrack_helper
>>
>> net.netfilter.nf_conntrack_helper = 1
>
> Yes, so this is expected -- 6.0.0 should behave like 5.19.14 with
> net.netfilter.nf_conntrack_helper=0.
>
> You need something like:
>
> table inet foo {
> ct helper pptp {
> type "pptp" protocol tcp
> l3proto ip
> }
>
> chain prerouting {
> type filter hook prerouting priority filter; policy accept;
> tcp dport 1723 ct helper set "pptp"
> }
> }
>
> ... so that the helper will start processing traffic on the pptp control port.
> You might want to refine the rule a big, e.g.
> 'iifname ppp*' or similar, to restrict/limit the helper to those clients that need
> it.
