* pptp nat and fedora core3
From: Peter Marshall @ 2005-02-17 13:41 UTC
  To: netfilter

I am building a firewall that has to support the natting of pptp ... I 
was hoping fedora core 3 would have the necessary conntrack modules 
(like gre and pptp) built into the kernel ... but it does not ...

I would REALLY prefer to not have to re-compile the kernel ... Is there 
a "loadmodule" line I can use to add the stuff at runtime ?  What 
modules do I need ?

I am going to have windows xp boxes use the built in pptp client to 
connect out of my lan to an external site ....

Is there a difference between what you would do with rh9 and fed core3

Thanks for the advice,
Peter




* Re: pptp nat and fedora core3
From: Jason Opperisano @ 2005-02-17 14:34 UTC
  To: netfilter

On Thu, 2005-02-17 at 08:41, Peter Marshall wrote:
> I am building a firewall that has to support the natting of pptp ... I 
> was hoping fedora core 3 would have the necessary conntrack modules 
> (like gre and pptp) built into the kernel ... but it does not ...

nope--sure doesn't.

> I would REALLY prefer to not have to re-compile the kernel ... 

well...ya gotta...

> Is there 
> a "loadmodule" line I can use to add the stuff at runtime ?  

no.

> What 
> modules do I need ?

ip_conntrack_pptp
ip_conntrack_proto_gre
ip_nat_pptp
ip_nat_proto_gre


> I am going to have windows xp boxes use the built in pptp client to 
> connect out of my lan to an external site ....
> 
> Is there a difference between what you would do with rh9 and fed core3

sort of.  redhat 9 is a 2.4-based distro, while fc3 is a 2.6-based
distro.  you can search the archives on this, but my observation is that
there are still issues with the 2.6 version of the PPTP conntrack/nat code.

if you *must* use 2.6, you almost certainly will want to grab the latest
POM from SVN.  note:  "must" means the machine you are using as the
firewall will not run with a 2.4 kernel.

if the machine is 2.4-friendly, then stick with what works.  since rh9
is eol--if this is a new install, and you like the rh-style of distro,
might i suggest CentOS as base for your firewall?  take it from a guy
that runs it--FC is a toy, and a nightmare to maintain if you're used
to stable code and patch updates that don't break things... 

-j

--
"I'm better than dirt. Well, most kinds of dirt... not that fancy
 store-bought dirt... that stuff's loaded with nutrients, I... I
 can't compete with that stuff."
	--The Simpsons
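
Added example (not part of the original thread): a POSIX shell check for whether a kernel's module tree contains the four modules named in the reply above, so you can tell whether the patch-and-rebuild step is needed. The function name, variable names and the optional module-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Module names are the four listed in
# the reply; everything else (function name, argument) is hypothetical.
PPTP_MODULES="ip_conntrack_pptp ip_conntrack_proto_gre ip_nat_pptp ip_nat_proto_gre"

# missing_pptp_modules [MODULE_DIR]
# Prints, space-separated on one line, the modules that have no object file
# under MODULE_DIR (default: the running kernel's tree).
# Returns 0 if all four are present, 1 if any is missing.
# Limitation: code compiled into the kernel image rather than built as a
# module has no file here and is reported as missing.
missing_pptp_modules() {
    moddir="${1:-/lib/modules/$(uname -r)}"
    missing=""
    for m in $PPTP_MODULES; do
        # 2.6 kernels use .ko (possibly compressed); 2.4 kernels use .o
        hit=$(find "$moddir" -type f \
              \( -name "$m.ko" -o -name "$m.ko.*" -o -name "$m.o" \) \
              2>/dev/null | head -n 1)
        if [ -z "$hit" ]; then
            missing="$missing $m"
        fi
    done
    missing="${missing# }"          # drop the leading separator
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "$missing"
    return 1
}

# Typical use on the firewall:
#   if missing_pptp_modules >/dev/null; then
#       echo "PPTP conntrack/NAT modules present"
#   else
#       echo "missing: $(missing_pptp_modules)"
#   fi
```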


