NATing PPTP GRE traffic - Derek Vincent

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Derek Vincent" <derek.vincent@kemikal.net>
To: netfilter@lists.netfilter.org
Subject: NATing PPTP GRE traffic
Date: Tue, 20 Jan 2004 09:11:38 -0500	[thread overview]
Message-ID: <00b901c3df5f$52597f30$686fa8c0@vincent> (raw)

I have been try to setup a firewall that will pass PPTP/L2TP traffic to a
windows 2003 server inside the network...

I am using Mandrake 9.2 with the 2.4.22-10mdksecure (delivered) kernel.

I believe that I have shorewall configured correctly  rules below:

DNAT:info       net     loc:192.168.105.1       tcp     1701    -
DNAT:info       net     loc:192.168.105.1       udp    1701    -
DNAT:info       net     loc:192.168.105.1       tcp     1723    -
DNAT:info       net     loc:192.168.105.1       47      -       -

and I am loading the following netfilter modules for natting pptp:

ip_nat_pptp
ip_conntrack_pptp
ip_nat_proto_gre
ip_conntrack_proto_gre

The issue I am having is the when I try to VPN in to the nated windows
server things seem to go ok for the initial communication but I get the
error below:

protocol 47 unreachable [tos 0xc0]

After this occurs a half dozen times the vpn client errors out.

I had found a googled message regarding something similar with the 2.4.22
kernel and tried to the patch-o-matic on it and I suspect that the mandrake
2.4.2-10mdk already has this issue patched since I did not see any patches
that discussed this issue...

I was wondering if there is anything I have missed in the FW rules or if I
am missing load a module...

Cheers and the for any help,

D.

next             reply	other threads:[~2004-01-20 14:11 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-01-20 14:11 Derek Vincent [this message]
2004-01-20 14:37 ` NATing PPTP GRE traffic Philipp Stader
2004-01-20 14:47 ` Tom Eastep
     [not found] <20040120143327.32258.qmail@e-xyn.com>
2004-01-20 14:37 ` Derek Vincent
2004-01-20 14:59   ` Antony Stone

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='00b901c3df5f$52597f30$686fa8c0@vincent' \
    --to=derek.vincent@kemikal.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.