From: Philip Craig <philipc@snapgear.com>
To: Harald Welte <laforge@netfilter.org>
Cc: netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: PPTP connection tracking and Poptop on same box
Date: Mon, 22 Sep 2003 18:06:29 +1000
Message-ID: <3F6EAD85.1070707@snapgear.com>
In-Reply-To: <20030921140546.GB20986@sunbeam.de.gnumonks.org>

[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]

Harald Welte wrote:
> great.  NAT works also?

Actually, I've only tested with NAT.

> However, there were some problems with running a PPTP daemon on the PPTP
> NAT box at the same time, and I never really understood the source of
> the problem [most likely because I didn't have enough time].  So I went
> for the 'quick fix now, real solution later' approach, that ended up
> with the 25_natcore-nohelper.patch.

If I recall correctly, the problem was that local PPTP connections did not
work unless you also had CONFIG_IP_NF_NAT_LOCAL enabled.  This was because
the helper/expect were being called at LOCAL_OUT, but not at LOCAL_IN,
and so the manips were only created for one direction.

Is it possible to change it so that the helper is not called at all
at LOCAL_OUT unless CONFIG_IP_NF_NAT_LOCAL is enabled?

Btw, why do we even have the LOCAL_OUT hook for nat when
CONFIG_IP_NF_NAT_LOCAL is disabled?

>>The second concern is that I believe we choose the NATed call ID
>>based on the TCP source port prior to source NAT, which means we
>>may not get a unique call ID.  If you agree this is a problem
>>then I can try to fix it.
> 
> 
> Yes, this is a problem.  If you want to work on a fix, I'd be more than
> happy to integrate it.

I've attached a patch for this.

-- 
Philip Craig - philipc@snapgear.com - http://www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances

[-- Attachment #2: pptp-nat-source.patch --]
[-- Type: text/plain, Size: 488 bytes --]

--- netfilter-extensions/helpers/pptp/ip_nat_pptp.c	4 Jul 2003 19:05:57 -0000	1.4
+++ netfilter-extensions/helpers/pptp/ip_nat_pptp.c	22 Sep 2003 04:41:46 -0000
@@ -170,7 +170,7 @@
 			/* save original call ID in nat_info */
 			nat_pptp_info->pns_call_id = ct_pptp_info->pns_call_id;
 
-			new_callid = tcph->source;
+			new_callid = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port;
 			/* save new call ID in ct info */
 			ct_pptp_info->pns_call_id = ntohs(new_callid);
 			break;
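
Review bot: the new assignment `new_callid = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port;` has no comment saying why the reply-direction destination port is used. The reasoning (it is the TCP source port after source NAT, so it avoids the non-unique call IDs that the pre-NAT `tcph->source` can produce) lives only in the cover mail, so a one-line comment above the assignment would help. The value is the post-NAT port only if the reply tuple has already been rewritten when this case runs; please state in the comment or the commit message that this ordering holds. Byte order is unchanged from the old code, since the following `ntohs(new_callid)` still receives a network-order port. The line also runs past 80 columns at this indent; a local pointer to the reply tuple would shorten it.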
