ip conntrack pptp and nat pptp problem
Gary W. Smith
gary at primeexalia.com
Thu Dec 9 06:14:20 CET 2004
I have a problem running both of these modules at one time
(ip_conntrack_pptp and ip_nat_pptp). Here is my scenario. We have a
firewall that is running both poptop and pptpclient under RHEL3. The
firewall can accept incoming pptp sessions without fail. It can also
make outgoing calls without fail unless ip_nat_pptp is loaded. When
ip_nat_pptp is loaded the firewall fails on all outgoing request.
Clients behind the firewall that need to talk to other pptp servers
cannot make reliable calls unless ip_nat_pptp is loaded. If loaded they
Originally I was told that this was handled by ip_conntrack_pptp which
is loaded but seems to have no effect for calls originating behind the
firewall. Here are the modules that I', loading and the order that I'm
loading them in (in case that makes a difference)
Please note that this is a custom kernel with the conntrack_pptp module
loaded (no other changes) as well as a recompiled iptables to match
(because of the change table space structures). Iptables is v1.2.11
This is something that we have been fighting with for several weeks now.
Any help would be greatly appreciated.
More information about the netfilter