From: Patrick McHardy <kaber@trash.net>
To: Greg Scott <GregScott@InfraSupportEtc.com>
Cc: netfilter-devel@lists.netfilter.org,
Mike McRae <Mike_McRae@schneidermans.com>
Subject: Re: Troubeleshooting a PPTP conversation
Date: Mon, 28 Aug 2006 11:23:35 +0200
Message-ID: <44F2B617.3000508@trash.net>
In-Reply-To: <925A849792280C4E80C5461017A4B8A206F9CF@mail733.InfraSupportEtc.com>
Greg Scott wrote:
> Hello -
>
> I have a firewall with kernel 2.6.17.1 and iptables 1.3.5. Behind it is
> a Win2000 server with MS RRAS. I am using ip_nat_pptp and
> ip_conntrack_pptp and trying to set up a PPTP VPN connection from my
> place to this target server. I have appropriate NAT and filtering rules
> set up for tcp 1723 and GRE. It all works great when I do it the first
> time but began failing for some people after multiple connections or
> connections from different PCs behind the same remote NAT gateway. Now
> it is behaving badly for me. I had a PPTP connection from my place to
> the target site last night and then it dropped unexpectedly for some
> reason. Today I am not able to establish it again. It's almost as if
> the firewall thinks the old connection is still alive and it won't get
> rid of a leftover bogus conntrack entry to start a new one.
What does /proc/net/ip_conntrack show?
> Below is some tcpdump output and I am trying to understand what it is
> telling me: I did a little bit of formatting to hopefully make it
> readable. 66.173.97.0/27 is my place. The target site is
> aaa.bbb.212.154.
What is 10.13.1.22? Please also show your NAT rules and explain
on which side of the firewall you're sniffing.
> 18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
> proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
> : P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32) ack
> 1914062599 win 65211: pptp Length=32 CTRL-MSG
> Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
> RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
> CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
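
One way to check the "leftover conntrack entry" theory against a saved copy of /proc/net/ip_conntrack, as an added example that is not part of this message or of the netfilter code: it lists GRE entries whose endpoints have no tcp/1723 control connection still tracked. Assumptions: the sample lines and addresses are constructed, the function names are hypothetical, and matching GRE to control connections by address pair is a heuristic.

```python
import re

# Constructed sample in the style of /proc/net/ip_conntrack (not from the thread).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=2903 dport=1723 src=192.0.2.22 dst=198.51.100.7 sport=1723 dport=2903 [ASSURED] use=2
gre      47 17990 timeout=600, stream_timeout=18000, src=198.51.100.7 dst=203.0.113.10 srckey=0x0 dstkey=0x3e7 src=192.0.2.22 dst=198.51.100.7 srckey=0x3e7 dstkey=0x0 [ASSURED] use=1
gre      47 17000 timeout=600, stream_timeout=18000, src=198.51.100.9 dst=203.0.113.10 srckey=0x0 dstkey=0x1f4 src=192.0.2.22 dst=198.51.100.9 srckey=0x1f4 dstkey=0x0 [ASSURED] use=1
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Return protocol, seconds until expiry and the original-direction tuple."""
    parts = line.split()
    if len(parts) < 3 or not parts[2].isdigit():
        return None
    first = {}
    for key, value in FIELD.findall(line):
        first.setdefault(key, value)  # first occurrence = original direction
    if "src" not in first or "dst" not in first:
        return None
    return {"proto": parts[0], "expires": int(parts[2]), "src": first["src"],
            "dst": first["dst"], "dport": first.get("dport")}

def orphaned_gre(text):
    """GRE entries with no tracked PPTP control connection between the same hosts."""
    control, gre = set(), []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        pair = frozenset((entry["src"], entry["dst"]))
        if entry["proto"] == "tcp" and entry["dport"] == "1723":
            control.add(pair)
        elif entry["proto"] == "gre":
            gre.append((pair, entry))
    return [entry for pair, entry in gre if pair not in control]

if __name__ == "__main__":
    for e in orphaned_gre(SAMPLE):
        print(f"GRE {e['src']} -> {e['dst']} expires in {e['expires']}s, no tcp/1723 entry")
```
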