PPTP and netfilter

PPTP and netfilter

[Thomas Kirk]

Hey there listmembers!

I know this issue has been discussed alot but im still abit
confused. Let me say that if i get this to work i will write a
detailed describtion on how i did it, kind of a hands-on howto :)

Ive managed sucessfully to patch 2.4.18 kernel with the newest
patch-o-matic and get it to compile. The linuxkernel was a vanillatype
thing downloaded from kernel.org and patch-o-matic was downloaded from
here :

ftp://ftp.netfilter.org/pub/patch-o-matic/snapshot/patch-o-matic-20021028.tar.bz2

ive loaded the modules :

ip_conntrack_pptp		2400   0  (unused)
ip_conntrack_proto_gre		2432   0  [ip_conntrack_pptp]

Now im abit confused on the rules i need to apply to my firewall to
make it work.

Case is this : 

Client<------>[Firewall/NAT]<------>[INTERNET]<------>[SERVER]

So my only worry is howto "translate" GRE packets and allow clients on
inside of firewall to establish PPTP to server on internet through
firewall.

So fare ive added these rules to firewall :

$IPTABLES -A lan_chain -p 47 -s $LAN_NET2 -j ACCEPT
$IPTABLES -A lan_chain -p tcp --dport 1723 -s $LAN_NET2 -j ACCEPT

lan_chain are outgoing chain. Is this all i need to add to firewall to
make it work or am i overlooking something? 

Please let me know if you need additional information on
setup/configuration to help me solve this puzzle!

Thanks in advance

-- 
Venlig hilsen/Kind regards
Thomas Kirk
ARKENA
thomas(at)arkena(dot)com
Http://www.arkena.com


BOFH excuse #345:

Having to manually track the satellite.

RE: PPTP and netfilter

[Sneppe Filip]

[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

Thomas Kirk [mailto:thomas@arkena.com] wrote:
>
>ive loaded the modules :
>
>ip_conntrack_pptp		2400   0  (unused)
>ip_conntrack_proto_gre		2432   0  [ip_conntrack_pptp]
>

Hi Thomas,

You will also have to load ip_nat_pptp.o and ip_nat_proto_gre.o

Regards,
Filip


[-- Attachment #2: Type: text/html, Size: 902 bytes --]