From: Ausi <ausi@gmx.de>
To: netfilter@lists.netfilter.org
Subject: PPTP connection tracking on Mandrake 10.0 with Kernel 2.6
Date: Wed, 08 Dec 2004 20:24:28 +0100 [thread overview]
Message-ID: <41B754EC.5000900@gmx.de> (raw)
Hi,
I need PPTP connection tracking on my Mandrake 10.0 NAT router.
Because there are more private VPN Clients accessing the same public VPN
Server.
What I did:
With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources
RPM installed. Already patched for PPTP conntrack.
I configured it including GRE and PPTP support. After compiling and
restarting I can modprobe "ip_conntrack_pptp" and it's getting properly
loaded including the module "ip_conntrack_proto_gre".
But when a VPN Client now tries to connect to the VPN Server through my
NAT router, the router freezes immediatly.
So I thought, maybe I have to recompile iptables and downloaded version
1.2.11 from netfilter.org.
But when I do a make in the iptables folder I end up with this:
> Extensions found: IPv4:addrtype IPv4:condition IPv4:dstlimit IPv4:IPMARK IPv4:mport IPv4:nth IPv4:osf IPv4:quota IPv4:random IPv4:recent IPv4:time IPv6:ah IPv6:condition IPv6:esp IPv6:frag IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:random IPv6:rt
> cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_connlimit_sh.o -c extensions/libipt_connlimit.c
> In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
> from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/asm/byteorder.h:14: error: syntax error before "__u32"
> /usr/src/linux/include/asm/byteorder.h:28: error: syntax error before "__u64"
> In file included from /usr/src/linux/include/linux/byteorder/little_endian.h:11,
> from /usr/src/linux/include/asm/byteorder.h:57,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
> from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/linux/byteorder/swab.h:133: error: syntax error before "__u16"
> /usr/src/linux/include/linux/byteorder/swab.h:146: error: syntax error before "__u32"
> /usr/src/linux/include/linux/byteorder/swab.h:160: error: syntax error before "__u64"
> make: *** [extensions/libipt_connlimit_sh.o] Fehler 1
Now I don't know any further.
Can anybody help?
Here's my iptables configuration, too:
(eth0 is the public interface to the server, eth1 is the private nic)
> # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> *filter
> :INPUT ACCEPT [11277:2168399]
> :FORWARD DROP [696:122385]
> :OUTPUT ACCEPT [4197:782834]
> [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
> [3:234] -A INPUT -i eth1 -j DROP
> [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
> COMMIT
> # Completed on Wed Dec 8 21:10:06 2004
> # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> *nat
> :PREROUTING ACCEPT [3345:534190]
> :POSTROUTING ACCEPT [29:6416]
> :OUTPUT ACCEPT [737:180585]
> [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Wed Dec 8 21:10:06 2004
next reply other threads:[~2004-12-08 19:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-08 19:24 Ausi [this message]
2004-12-08 23:15 ` PPTP connection tracking on Mandrake 10.0 with Kernel 2.6 Jason Opperisano
[not found] ` <41B80A4C.6090002@gmx.de>
2004-12-09 13:05 ` Jason Opperisano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41B754EC.5000900@gmx.de \
--to=ausi@gmx.de \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.