PPTP connection tracking on Mandrake 10.0 with Kernel 2.6
Jason Opperisano
opie at 817west.com
Thu Dec 9 00:15:47 CET 2004
On Wed, 2004-12-08 at 14:24, Ausi wrote:
> Hi,
> I need PPTP connection tracking on my Mandrake 10.0 NAT router.
> Because there are more private VPN Clients accessing the same public VPN
> Server.
>
> What I did:
> With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources
> RPM installed. Already patched for PPTP conntrack.
>
> I configured it including GRE and PPTP support. After compiling and
> restarting I can modprobe "ip_conntrack_pptp" and it's getting properly
> loaded including the module "ip_conntrack_proto_gre".
>
> But when a VPN Client now tries to connect to the VPN Server through my
> NAT router, the router freezes immediately.

uh--that sounds pretty drastic...not saying this will fix it, but did
you also:

    modprobe ip_nat_pptp
    modprobe ip_nat_proto_gre

> So I thought, maybe I have to recompile iptables and downloaded version
> 1.2.11 from netfilter.org.
> But when I do a make in the iptables folder I end up with this:
i think this may not be the best first step...
<snip>
> Here's my iptables configuration, too:
> (eth0 is the public interface to the server, eth1 is the private nic)
> > # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> > *filter
> > :INPUT ACCEPT [11277:2168399]
> > :FORWARD DROP [696:122385]
> > :OUTPUT ACCEPT [4197:782834]
> > [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
> > [3:234] -A INPUT -i eth1 -j DROP
> > [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT

how come there's no:

    -A FORWARD -d vpn-server -i eth1 -o eth0 -p 47 -j ACCEPT

> > COMMIT
> > # Completed on Wed Dec 8 21:10:06 2004
> > # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> > *nat
> > :PREROUTING ACCEPT [3345:534190]
> > :POSTROUTING ACCEPT [29:6416]
> > :OUTPUT ACCEPT [737:180585]
> > [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE
> > COMMIT
> > # Completed on Wed Dec 8 21:10:06 2004
-j
--
"When will I learn? The answer to life's problems aren't at the bottom
of a bottle, they're on TV!"
--The Simpsons
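
Added example, not part of the original message: a Python check over `iptables-save` output that reports whether the FORWARD chain accepts the PPTP control channel (tcp/1723) and whether GRE (protocol 47) is accepted by an explicit rule or is left to a RELATED,ESTABLISHED rule. The function names are hypothetical; the sample is the FORWARD part of the filter table quoted in the post.

```python
import re
import shlex

# FORWARD-relevant lines of the *filter table quoted in the post above.
SAMPLE = """\
*filter
:FORWARD DROP [696:122385]
[6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
"""

def parse_chain(text, table="filter", chain="FORWARD"):
    """Return (policy, rules); each rule maps an option to its value string."""
    current, policy, rules = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            current = line[1:]                      # start of a table section
        elif current != table or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            name, pol = line[1:].split()[:2]        # ":CHAIN POLICY [pkts:bytes]"
            if name == chain:
                policy = pol
        else:
            tokens = shlex.split(re.sub(r"^\[\d+:\d+\]\s*", "", line))  # drop counters
            if tokens[:2] != ["-A", chain]:
                continue
            rule, key = {}, None
            for tok in tokens[2:]:
                if tok.startswith("-"):
                    key = tok
                    rule[key] = ""
                elif key:                           # value (or "!" negation) of last option
                    rule[key] = (rule[key] + " " + tok).strip()
            rules.append(rule)
    return policy, rules

def pptp_forward_report(text):
    policy, rules = parse_chain(text)
    accepts = [r for r in rules if r.get("-j") == "ACCEPT"]
    return {
        "policy": policy,
        "tcp_1723": any(r.get("-p") == "tcp" and r.get("--dport") == "1723" for r in accepts),
        "explicit_gre": any(r.get("-p", "").lower() in ("47", "gre") for r in accepts),
        # Without an explicit rule, GRE passes only if conntrack classifies it as RELATED.
        "related_rule": any("RELATED" in r.get("--state", "").split(",") for r in accepts),
    }

if __name__ == "__main__":
    print(pptp_forward_report(SAMPLE))
```
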