PPTP connection tracking on Mandrake 10.0 with Kernel 2.6

PPTP connection tracking on Mandrake 10.0 with Kernel 2.6

[Ausi]

Hi,
I need PPTP connection tracking on my Mandrake 10.0 NAT router.
Because there are more private VPN Clients accessing the same public VPN 
Server.

What I did:
With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources 
RPM installed. Already patched for PPTP conntrack.

I configured it including GRE and PPTP support. After compiling and 
restarting I can modprobe "ip_conntrack_pptp" and it's getting properly 
loaded including the module "ip_conntrack_proto_gre".

But when a VPN Client now tries to connect to the VPN Server through my 
NAT router, the router freezes immediatly.

So I thought, maybe I have to recompile iptables and downloaded version 
1.2.11 from netfilter.org.
But when I do a make in the iptables folder I end up with this:
> Extensions found: IPv4:addrtype IPv4:condition IPv4:dstlimit IPv4:IPMARK IPv4:mport IPv4:nth IPv4:osf IPv4:quota IPv4:random IPv4:recent IPv4:time IPv6:ah IPv6:condition IPv6:esp IPv6:frag IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:random IPv6:rt
> cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\"  -fPIC -o extensions/libipt_connlimit_sh.o -c extensions/libipt_connlimit.c
> In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
>                  from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
>                  from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/asm/byteorder.h:14: error: syntax error before "__u32"
> /usr/src/linux/include/asm/byteorder.h:28: error: syntax error before "__u64"
> In file included from /usr/src/linux/include/linux/byteorder/little_endian.h:11,
>                  from /usr/src/linux/include/asm/byteorder.h:57,
>                  from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
>                  from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
>                  from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/linux/byteorder/swab.h:133: error: syntax error before "__u16"
> /usr/src/linux/include/linux/byteorder/swab.h:146: error: syntax error before "__u32"
> /usr/src/linux/include/linux/byteorder/swab.h:160: error: syntax error before "__u64"
> make: *** [extensions/libipt_connlimit_sh.o] Fehler 1

Now I don't know any further.
Can anybody help?
Here's my iptables configuration, too:
(eth0 is the public interface to the server, eth1 is the private nic)
> # Generated by iptables-save v1.2.9 on Wed Dec  8 21:10:06 2004
> *filter
> :INPUT ACCEPT [11277:2168399]
> :FORWARD DROP [696:122385]
> :OUTPUT ACCEPT [4197:782834]
> [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT 
> [3:234] -A INPUT -i eth1 -j DROP 
> [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
> [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT 
> COMMIT
> # Completed on Wed Dec  8 21:10:06 2004
> # Generated by iptables-save v1.2.9 on Wed Dec  8 21:10:06 2004
> *nat
> :PREROUTING ACCEPT [3345:534190]
> :POSTROUTING ACCEPT [29:6416]
> :OUTPUT ACCEPT [737:180585]
> [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE 
> COMMIT
> # Completed on Wed Dec  8 21:10:06 2004

Re: PPTP connection tracking on Mandrake 10.0 with Kernel 2.6

[Jason Opperisano]

On Wed, 2004-12-08 at 14:24, Ausi wrote:
> Hi,
> I need PPTP connection tracking on my Mandrake 10.0 NAT router.
> Because there are more private VPN Clients accessing the same public VPN 
> Server.
> 
> What I did:
> With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources 
> RPM installed. Already patched for PPTP conntrack.
> 
> I configured it including GRE and PPTP support. After compiling and 
> restarting I can modprobe "ip_conntrack_pptp" and it's getting properly 
> loaded including the module "ip_conntrack_proto_gre".
> 
> But when a VPN Client now tries to connect to the VPN Server through my 
> NAT router, the router freezes immediatly.

uh--that sounds pretty drastic...not saying this will fix it, but did
you also:

  modprobe ip_nat_pptp
  modprobe ip_nat_proto_gre

> So I thought, maybe I have to recompile iptables and downloaded version 
> 1.2.11 from netfilter.org.
> But when I do a make in the iptables folder I end up with this:

i think this may not be the best first step...

<snip>

> Here's my iptables configuration, too:
> (eth0 is the public interface to the server, eth1 is the private nic)
> > # Generated by iptables-save v1.2.9 on Wed Dec  8 21:10:06 2004
> > *filter
> > :INPUT ACCEPT [11277:2168399]
> > :FORWARD DROP [696:122385]
> > :OUTPUT ACCEPT [4197:782834]
> > [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT 
> > [3:234] -A INPUT -i eth1 -j DROP 
> > [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
> > [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT 

how come there's no:

  -A FORWARD -d vpn-server -i eth1 -o eth0 -p 47 -j ACCEPT

> > COMMIT
> > # Completed on Wed Dec  8 21:10:06 2004
> > # Generated by iptables-save v1.2.9 on Wed Dec  8 21:10:06 2004
> > *nat
> > :PREROUTING ACCEPT [3345:534190]
> > :POSTROUTING ACCEPT [29:6416]
> > :OUTPUT ACCEPT [737:180585]
> > [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE 
> > COMMIT
> > # Completed on Wed Dec  8 21:10:06 2004

-j

--
"When will I learn? The answer to life's problems aren't at the bottom
 of a bottle, they're on TV!"
	--The Simpsons

Re: PPTP connection tracking on Mandrake 10.0 with Kernel 2.6

[Jason Opperisano]

On Thu, 2004-12-09 at 03:18, Ausi wrote: 
> > uh--that sounds pretty drastic...not saying this will fix it, but did
> > you also:
> > 
> >   modprobe ip_nat_pptp
> >   modprobe ip_nat_proto_gre
> > 
> No, there are no modules ip_nat_pptp and ip_nat_proto_gre.

well--i'm pretty sure you're going to need those...

-j

--
"Dear Baby, Welcome to Dumpsville. Population: You"
	--The Simpsons