Nat problem with GRE

Nat problem with GRE

[Esteban]

Hi there,

I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)

Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).  

Does anybody know what I am doing wrong ?

Thank you very much.


-- 
Esteban
esteban@epita.fr

RE: Nat problem with GRE

[George Vieira]

No offence but for the <insert large number here>th time use pptp helper in p-o-m.. ;)
GRE is connectionless and also has no ports so connection tracking cannot map the port used to connect so it doesn't know which user behind the firewall to relay the packets to.

So you need the patch-o-matic patch and select the PPTP helper to most likely fix your problem.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

-----Original Message-----
From: Esteban [mailto:esteban@alstec.fr]
Sent: Tuesday, June 03, 2003 9:35 PM
To: netfilter@lists.netfilter.org
Subject: Nat problem with GRE


Hi there,

I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)

Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).  

Does anybody know what I am doing wrong ?

Thank you very much.


-- 
Esteban
esteban@epita.fr

Re: Nat problem with GRE

[John Paul]

George, et al.

I actually have the same problem. I successfully patched my kernel(2.4.20)
with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
doesnt recognize  NAT  anymore. How could this happen?

TIA
Pol

----- Original Message -----
From: "George Vieira" <georgev@citadelcomputer.com.au>
To: "Esteban" <esteban@alstec.fr>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 04, 2003 6:12 AM
Subject: RE: Nat problem with GRE


No offence but for the <insert large number here>th time use pptp helper in
p-o-m.. ;)
GRE is connectionless and also has no ports so connection tracking cannot
map the port used to connect so it doesn't know which user behind the
firewall to relay the packets to.

So you need the patch-o-matic patch and select the PPTP helper to most
likely fix your problem.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698


-----Original Message-----
From: Esteban [mailto:esteban@alstec.fr]
Sent: Tuesday, June 03, 2003 9:35 PM
To: netfilter@lists.netfilter.org
Subject: Nat problem with GRE


Hi there,

I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)

Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).

Does anybody know what I am doing wrong ?

Thank you very much.


--
Esteban
esteban@epita.fr

Re: Nat problem with GRE

[Filip Sneppe]

On Wed, 2003-06-04 at 02:10, John Paul wrote:
> George, et al.
> 
> I actually have the same problem. I successfully patched my kernel(2.4.20)
> with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
> doesnt recognize  NAT  anymore. How could this happen?
> 
Hi,

Recompile your iptables userspace program against those
patched kernel sources & reinstall it.

Regards,
Filip

Re: Nat problem with GRE (Solved!)

[John Paul]

Thanks to those who responded to this email. What i did actually is;

1. patched the kernel with ip_pptp_* P.O.M. (KERNEL_DIR=/usr/src/linux
./runme bla bla bla)
2. recompile iptables (source)
3. recompile the kernel (make menuconfig; make dep; make bzImage, make
modules; make modules_install)
4. reboot machine

viola! works like a charm.

cheers!


----- Original Message -----
From: "Filip Sneppe" <filip.sneppe@cronos.be>
To: "John Paul" <john@pinoylinux.sytes.net>
Cc: "George Vieira" <georgev@citadelcomputer.com.au>; "Esteban"
<esteban@alstec.fr>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 04, 2003 4:17 PM
Subject: Re: Nat problem with GRE


> On Wed, 2003-06-04 at 02:10, John Paul wrote:
> > George, et al.
> >
> > I actually have the same problem. I successfully patched my
kernel(2.4.20)
> > with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
> > doesnt recognize  NAT  anymore. How could this happen?
> >
> Hi,
>
> Recompile your iptables userspace program against those
> patched kernel sources & reinstall it.
>
> Regards,
> Filip
>
>