From: Joshua Jackson <iptables@vortech.net>
To: netfilter@lists.netfilter.org
Subject: PPTP Nat Module
Date: Tue, 9 Dec 2003 21:39:12 -0500
Message-ID: <200312092139.12609.iptables@vortech.net>

I know there have been a pile of questions about this module in the past, but
I can't seem to find any responses about the behaviour I am seeing.

I am currently running a 2.4.23 kernel with the latest officially released
POM patches applied to it. The network being protected by the firewall is
providing NAT for the hosts behind it. If the ip_nat_pptp module is loaded,
none of the protected clients can establish an outbound PPTP session. If the
conntrack modules are removed, a single session can be established (as would
be expected).

The remote PPTP server log shows the initial TCP connection, but never sees
any GRE traffic from the connecting host.

I have seen posts about the local NAT kernel option; I have tried it both ways
with the same results. If there are any kernel settings in particular that I
may be missing, please let me know.

My iptables firewall rules include a default policy of DROP for INPUT and
FORWARD, ACCEPT for OUTPUT. The first line in the rules includes an ACCEPT
for the INPUT chain for established and related connections. There is also a
rule allowing any traffic for all protocols to any host which originates from
the protected network on the internal interface.

--
Joshua Jackson
Vortech Consulting
http://www.vortech.net