From: Wim Ceulemans <wim.ceulemans@able.be>
To: Wim Ceulemans <wim.ceulemans@able.be>
Cc: Harald Welte <laforge@netfilter.org>,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Netfilter Mailinglist <netfilter@lists.netfilter.org>
Subject: Re: New Version (1.13) of PPTP conntrack/nat helper
Date: Wed, 24 Sep 2003 18:34:50 +0200 [thread overview]
Message-ID: <3F71C7AA.9050700@able.be> (raw)
In-Reply-To: <3F718312.4020000@able.be>
[-- Attachment #1: Type: text/plain, Size: 2611 bytes --]
Hi Harald
This is the debug log, with CONFIG_IP_NF_NAT_LOCAL switched on and one
session trying pptp through the firewall to an internal windows2000 server.
18:26:06 kernel: ip_tables: (C) 2000-2002 Netfilter core team
18:26:06 kernel: ip_conntrack version 2.1 (2048 buckets, 16384 max) -
324 bytes per conntrack
18:26:06 kernel: ip_conntrack_pptp.c:init: ip_conntrack_pptp.c:
registering helper
18:26:06 kernel: ip_conntrack_pptp version 1.9 loaded
18:26:32 kernel: ip_nat_pptp.c:init: ip_nat_pptp.c: registering NAT helper
18:26:32 kernel: ip_nat_pptp version 1.5 loaded
18:26:58 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:26:58 kernel: ip_nat_pptp.c:tcp_help: entering
18:26:58 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
18:27:01 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:27:01 kernel: ip_nat_pptp.c:tcp_help: entering
18:27:01 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
18:27:07 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:27:07 kernel: ip_nat_pptp.c:tcp_help: entering
18:27:07 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
Regards
Wim
Wim Ceulemans wrote:
> Harald
>
> Sorry, my mistake, the crashes occur with CONFIG_IP_NF_NAT_LOCAL is
> switched off.
> I'll produce a debug log when CONFIG_IP_NF_NAT_LOCAL is on of one PPTP
> session through the firewall.
>
> Regards
> Wim
>
> Harald Welte wrote:
>
>> On Tue, Sep 23, 2003 at 06:25:40PM +0200, Wim Ceulemans wrote:
>>
>>
>>
>>> If I switch CONFIG_IP_NF_NAT_LOCAL off, the forwarding to a pptp
>>> server behind the firewall works.
>>> If switch it on, I don't see any gre packet behind the firewall, so
>>> it does not work.
>>>
>>> However, with CONFIG_IP_NF_NAT_LOCAL on I have had two freezes
>>> (firewall completely stuck and I had to switch it on and off).
>>>
>>
>>
>> So to summarize: It works perfectly of it is OFF, but you have problems
>> with DNAT and crashes, if it is ON. That is surprising - it seems like
>> the problems have just been reverting :(
>>
>> Did you do anything in particular when the firewall hang happened? (like
>> unloading/loading a module, ...)?
>>
>>
>>
>>> Regards
>>> Wim
>>>
>>
>>
>>
>>
>
>
--
Wim Ceulemans
R&D Engineer
Secure Internet Communication with aXs Guard
Able NV
Leuvensesteenweg 282 - B-3190 Boortmeerbeek - Belgium
Phone: + 32 15 50.44.00 - Fax: + 32 15 50.44.09
E-mail: wim.ceulemans@able.be
--
Security check on this e-mail has been done by aXs GUARD
(http://www.axsguard.com)
prev parent reply other threads:[~2003-09-24 16:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-22 20:30 New Version (1.13) of PPTP conntrack/nat helper Harald Welte
2003-09-23 13:38 ` Wim Ceulemans
2003-09-23 14:49 ` Harald Welte
2003-09-23 16:25 ` Wim Ceulemans
2003-09-24 10:13 ` Harald Welte
2003-09-24 11:42 ` Wim Ceulemans
2003-09-24 16:34 ` Wim Ceulemans [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F71C7AA.9050700@able.be \
--to=wim.ceulemans@able.be \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.