Trouble with PPTP

Trouble with PPTP

[Andrzej Kozak]

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

Hello!
When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT is broken if I use iptables with -t nat
I get message: iptables: Invalid argument
Iptables v. 1.2.8
I need establish connect from my security network to outside VPN server.

best regards

Andrew Kozak

[-- Attachment #2: Type: text/html, Size: 862 bytes --]

trouble with pptp

[Andrzej Kozak]

[-- Attachment #1: Type: text/plain, Size: 285 bytes --]

Hello!
When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT is broken if I use iptables with -t nat
I get message: iptables: Invalid argument
Iptables v. 1.2.8
I need establish connect from my security network to outside VPN server.

best regards
Andrew Kozak

[-- Attachment #2: Type: text/html, Size: 675 bytes --]

Re: Trouble with PPTP

[Phil Oester]

Rebuild iptables userspace using the patched kernel for the headers.

Phil Oester

On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> Hello!
> When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT is broken if I use iptables with -t nat
> I get message: iptables: Invalid argument
> Iptables v. 1.2.8
> I need establish connect from my security network to outside VPN server.
> 
> best regards
> 
> Andrew Kozak

Re: Trouble with PPTP

[Philip Craig]

Andrzej Kozak wrote:
> Hello!
> When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT is broken if I use iptables with -t nat
> I get message: iptables: Invalid argument
> Iptables v. 1.2.8

 From pptp-conntrack-nat.patch.help:
- you have to recompile your iptables userspace program since some
   structure sizes change

-- 
Philip Craig - philipc@snapgear.com - http://www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances

Re: Trouble with PPTP

[Andrzej Kozak]

[-- Attachment #1: Type: text/plain, Size: 966 bytes --]

Thanks Phil,
Is better but not excellent.
After when I :
Patched kernel (pptp-conntrack-nat from p-o-m)
Recompiled iptables v 1.2.8
Recompiled kernel
i get the same message: iptables: Invalid argument
but only if firewall script is automated executing from /etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is booting or rebooting.
If I log into system and executing this script manually is everything OK !
What is wrong ? 

best regards
Andrew Kozak


> Rebuild iptables userspace using the patched kernel for the headers.
>
> Phil Oester
>
> On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> > Hello!
> > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT
is broken if I use iptables with -t nat
> > I get message: iptables: Invalid argument
> > Iptables v. 1.2.8
> > I need establish connect from my security network to outside VPN server.
> >
> > best regards
> >
> > Andrew Kozak

[-- Attachment #2: Type: text/html, Size: 1857 bytes --]

Re: Trouble with PPTP

[Fernando Barrocal]

[-- Attachment #1: Type: text/plain, Size: 1106 bytes --]


You will need to compile iptables after the kernel then reboot

--
F.Barrocal

At 14:38 22/10/2003, Andrzej Kozak wrote:
>Thanks Phil,
>Is better but not excellent.
>After when I :
>Patched kernel (pptp-conntrack-nat from p-o-m)
>Recompiled iptables v 1.2.8
>Recompiled kernel
>i get the same message: iptables: Invalid argument
>but only if firewall script is automated executing from 
>/etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is 
>booting or rebooting.
>If I log into system and executing this script manually is everything OK !
>What is wrong ?
>
>best regards
>Andrew Kozak
>
>
> > Rebuild iptables userspace using the patched kernel for the headers.
> >
> > Phil Oester
> >
> > On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> > > Hello!
> > > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT
>is broken if I use iptables with -t nat
> > > I get message: iptables: Invalid argument
> > > Iptables v. 1.2.8
> > > I need establish connect from my security network to outside VPN server.
> > >
> > > best regards
> > >
> > > Andrew Kozak


[-- Attachment #2: Type: text/html, Size: 1412 bytes --]

RE: Trouble with PPTP

[Regalado, Ron]

[-- Attachment #1: Type: text/plain, Size: 1432 bytes --]

 
Should I use the rpm package from Redhat or compile the package from
netfilter.org?

 
  _____  

From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Fernando Barrocal
Sent: Wednesday, October 22, 2003 12:23 PM
To: Andrzej Kozak; kernel@linuxace.com
Cc: netfilter@lists.netfilter.org
Subject: Re: Trouble with PPTP



You will need to compile iptables after the kernel then reboot

--
F.Barrocal

At 14:38 22/10/2003, Andrzej Kozak wrote:


Thanks Phil,
Is better but not excellent.
After when I :
Patched kernel (pptp-conntrack-nat from p-o-m)
Recompiled iptables v 1.2.8
Recompiled kernel
i get the same message: iptables: Invalid argument
but only if firewall script is automated executing from
/etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is booting
or rebooting.
If I log into system and executing this script manually is everything OK !
What is wrong ? 
 
best regards
Andrew Kozak
 
 
> Rebuild iptables userspace using the patched kernel for the headers.
>
> Phil Oester
>
> On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> > Hello!
> > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT
is broken if I use iptables with -t nat
> > I get message: iptables: Invalid argument
> > Iptables v. 1.2.8
> > I need establish connect from my security network to outside VPN server.
> >
> > best regards
> >
> > Andrew Kozak



[-- Attachment #2: Type: text/html, Size: 2624 bytes --]

RE: Trouble with PPTP

[Fernando Barrocal]

[-- Attachment #1: Type: text/plain, Size: 1631 bytes --]


I used the RPMs, if you need I can send you the How-to I did

At 17:06 22/10/2003, Regalado, Ron wrote:
>
>Should I use the rpm package from Redhat or compile the package from 
>netfilter.org?
>
>
>
>----------
>From: netfilter-admin@lists.netfilter.org 
>[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Fernando Barrocal
>Sent: Wednesday, October 22, 2003 12:23 PM
>To: Andrzej Kozak; kernel@linuxace.com
>Cc: netfilter@lists.netfilter.org
>Subject: Re: Trouble with PPTP
>
>
>You will need to compile iptables after the kernel then reboot
>
>--
>F.Barrocal
>
>At 14:38 22/10/2003, Andrzej Kozak wrote:
>>Thanks Phil,
>>Is better but not excellent.
>>After when I :
>>Patched kernel (pptp-conntrack-nat from p-o-m)
>>Recompiled iptables v 1.2.8
>>Recompiled kernel
>>i get the same message: iptables: Invalid argument
>>but only if firewall script is automated executing from 
>>/etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is 
>>booting or rebooting.
>>If I log into system and executing this script manually is everything OK !
>>What is wrong ?
>>
>>best regards
>>Andrew Kozak
>>
>>
>> > Rebuild iptables userspace using the patched kernel for the headers.
>> >
>> > Phil Oester
>> >
>> > On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
>> > > Hello!
>> > > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and -SNAT
>>is broken if I use iptables with -t nat
>> > > I get message: iptables: Invalid argument
>> > > Iptables v. 1.2.8
>> > > I need establish connect from my security network to outside VPN server.
>> > >
>> > > best regards
>> > >
>> > > Andrew Kozak


[-- Attachment #2: Type: text/html, Size: 2191 bytes --]

Re: Trouble with PPTP

[Ranjeet Shetye]

On Wed, 2003-10-22 at 09:38, Andrzej Kozak wrote:
> Thanks Phil,
> Is better but not excellent.
> After when I :
> Patched kernel (pptp-conntrack-nat from p-o-m)
> Recompiled iptables v 1.2.8
> Recompiled kernel
> i get the same message: iptables: Invalid argument
> but only if firewall script is automated executing from
> /etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is
> booting or rebooting.
> If I log into system and executing this script manually is everything
> OK !
> What is wrong ? 
>  
> best regards
> Andrew Kozak
>  
>  
> > Rebuild iptables userspace using the patched kernel for the headers.
> >
> > Phil Oester
> >
> > On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> > > Hello!
> > > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and
> -SNAT
> is broken if I use iptables with -t nat
> > > I get message: iptables: Invalid argument
> > > Iptables v. 1.2.8
> > > I need establish connect from my security network to outside VPN
> server.
> > >
> > > best regards
> > >
> > > Andrew Kozak

1. make sure your /usr/src/linux link points to the correct linux kernel
source. I dont think this is the problem, just verify this.

2. it sounds like you've got iptables installed in 2 seperate locations.
the older version (compiled against old kernel) is hardcoded or picked
up by the init scripts but when you log in, your $PATH picks up the
newer one (compiled against correct kernel).

I think this is what your problem is.

"locate iptables | grep bin" should identify this problem very quickly.
If not, then you need to dig into the /etc/init.d script that is used on
botup and see where its picking up its iptables from. "which iptables"
should tell you where your login copy is coming from.

HTH,

-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.

RE: Trouble with PPTP

[Edmund Turner]

[-- Attachment #1: Type: text/plain, Size: 2050 bytes --]

Dear Fernando, I would really appreciate if you could send me the
"how-to" for that installation. I have been planning to implement it on
my network.

Thanks in advance!

Regards

edmund

 

-----Original Message-----regards


From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Fernando
Barrocal
Sent: Thursday, October 23, 2003 4:36 AM
To: Regalado, Ron; Andrzej Kozak; kernel@linuxace.com
Cc: netfilter@lists.netfilter.org
Subject: RE: Trouble with PPTP

 


I used the RPMs, if you need I can send you the How-to I did

At 17:06 22/10/2003, Regalado, Ron wrote:



 
Should I use the rpm package from Redhat or compile the package from
netfilter.org?

 

  _____  

From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Fernando
Barrocal
Sent: Wednesday, October 22, 2003 12:23 PM
To: Andrzej Kozak; kernel@linuxace.com
Cc: netfilter@lists.netfilter.org
Subject: Re: Trouble with PPTP


You will need to compile iptables after the kernel then reboot

--
F.Barrocal

At 14:38 22/10/2003, Andrzej Kozak wrote:



Thanks Phil,
Is better but not excellent.
After when I :
Patched kernel (pptp-conntrack-nat from p-o-m)
Recompiled iptables v 1.2.8
Recompiled kernel
i get the same message: iptables: Invalid argument
but only if firewall script is automated executing from
/etc/rc.boot/firewallscript (DEBIAN 3.0 distribution) when linux is
booting or rebooting.
If I log into system and executing this script manually is everything OK
!
What is wrong ? 
 
best regards
Andrew Kozak
 
 
> Rebuild iptables userspace using the patched kernel for the headers.
>
> Phil Oester
>
> On Wed, Oct 15, 2003 at 03:46:49PM +0200, Andrzej Kozak wrote:
> > Hello!
> > When I patched my 2.4.22 kernel with pptp-conntrack-nat -DNAT and
-SNAT
is broken if I use iptables with -t nat
> > I get message: iptables: Invalid argument
> > Iptables v. 1.2.8
> > I need establish connect from my security network to outside VPN
server.
> >
> > best regards
> >
> > Andrew Kozak



[-- Attachment #2: Type: text/html, Size: 7025 bytes --]