pptp-conntrack-nat & kernel 2.6.11

Gary W. Smith gary at primeexalia.com
Sun Oct 16 04:17:40 CEST 2005 

Antonio, 

You are missing the flag to turn on proto_gre.  That's why it's not
available to you.

--- kernel-2.6.9-i686.config.orig       2005-01-05 16:17:41.000000000
-0800
+++ kernel-2.6.9-i686.config    2005-02-22 11:58:30.000000000 -0800
@@ -640,6 +640,14 @@
 CONFIG_IP_NF_CT_PROTO_SCTP=m
 # CONFIG_IP_NF_COMPAT_IPCHAINS is not set
 # CONFIG_IP_NF_COMPAT_IPFWADM is not set
+CONFIG_IP_NF_MATCH_CONNLIMIT=m
+CONFIG_IP_NF_TARGET_TARPIT=m
+CONFIG_IP_NF_NAT_H323=m
+CONFIG_IP_NF_H323=m
+CONFIG_IP_NF_CT_PROTO_GRE=m
+CONFIG_IP_NF_PPTP=m
+CONFIG_IP_NF_NAT_PPTP=m
+CONFIG_IP_NF_NAT_PROTO_GRE=m
 
 #
 # IPv6: Netfilter Configuration
@@ -947,7 +955,8 @@
 CONFIG_PPP_SYNC_TTY=m
 CONFIG_PPP_DEFLATE=m
 CONFIG_IPPP_FILTER=y
-# CONFIG_PPP_BSDCOMP is not set
+CONFIG_PPP_BSDCOMP=m
+CONFIG_PPP_MPPE=m
 CONFIG_PPPOE=m
 # CONFIG_SLIP is not set

> -----Original Message-----
> From: netfilter-devel-bounces at lists.netfilter.org
[mailto:netfilter-devel-
> bounces at lists.netfilter.org] On Behalf Of Antonio
> Sent: Friday, October 14, 2005 2:24 PM
> To: Harald Welte
> Cc: Netfilter Development Mailinglist; Netfilter Mailinglist
> Subject: Re: pptp-conntrack-nat & kernel 2.6.11
> 
> On 10/13/05, Antonio <anton.ananich at gmail.com> wrote:
> > Dear Harald!
> >
> > On 10/12/05, Harald Welte <laforge at netfilter.org> wrote:
> > > if you compile a kernel with static support for pptpconntrack+nat,
you
> > > will see neither of the two in "lsmod".  Can you please send me
> > > (privately) your kernel .config file that was used for the
"statically
> > > linked" kernel, and (if possible) also the kernel binary itself?
> >
> > To reproduce my kernel configuration you need:
> > 1) kernel 2.6.14-rc3
> > 2) patch for mppe&mppc support (in attachment)
> > 3) .config.old (also in attachment)
> >
> > file .config contains config which works fine
> >
> > --
> > Best Regards,
> > Antonio
> >
> 
> I'm still trying to make NAT work. Now I'm using kernel 2.6.14-rc3.
> And I whant to say that it almost working! :) My Linux box connects to
> Internet through router. But everyone else (who uses Windows) have not
> this happy possibility...
> 
> I think that reason is There is no modules ip_conntrack_proto_gre and
> ip_nat_proto_gre anywhere :(  When I was using kernel 2.4 there was
> not such troubles with PPTP and NAT integration...
> 
> How can I enable connaction tracking & nat for the gre protocol? Is it
> neccessary? Is it a reason of gre packets loss?
> 
> Additional information:
> 
> servak linux # cat .config | grep GRE
> CONFIG_NET_IPGRE=y
> # CONFIG_NET_SCH_GRED is not set
> CONFIG_NET_SCH_INGRESS=y
> servak linux # cat .config | grep PPTP
> CONFIG_IP_NF_PPTP=m
> CONFIG_IP_NF_NAT_PPTP=m
> servak linux # cat .config | grep NAT
> CONFIG_IP_NF_NAT=m
> CONFIG_IP_NF_NAT_NEEDED=y
> # CONFIG_IP_NF_NAT_SNMP_BASIC is not set
> CONFIG_IP_NF_NAT_IRC=m
> CONFIG_IP_NF_NAT_FTP=m
> CONFIG_IP_NF_NAT_PPTP=m
> # CONFIG_NATSEMI is not set
> 
> I'm using the only one rule
> $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> I hope it will be helpful to take a look at ethereal output from
attach.
> 
> --
> Best Regards,
> Antonio

More information about the netfilter mailing list