From: Radien Radien <radien@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Help! problem with PPTPD and pptp nat helper
Date: Sun, 26 Dec 2004 15:45:45 +0330
Message-ID: <4a0a384e041226041571f504ae@mail.gmail.com>

But based on the netfilter pom-ng documentation, it's needed for NAT to work properly

http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-pptp-conntrack-nat

I have had great success experimenting with these 4 p-o-m modules; they
work perfectly in my cases, with multiple sessions for DNAT and SNAT, even
both at the same time. But when the last one is loaded, part of pptpd (when
it uses pppd) cannot negotiate using LCP, or so it seems in the logfiles.
And if I unload it, pptpd works fine!!

#This adds CONFIG_IP_NF_PPTP:
#Connection tracking and NAT support for PPTP.  Using this, you can track
#PPTP/GRE connections and do SNAT/DNAT.  You have to load the following modules
#for connection tracking:
#       ip_conntrack_proto_gre
#       ip_conntrack_pptp
#for NAT:
#       ip_nat_proto_gre
#       ip_nat_pptp
#

It seems to be a conflict of using ppp with the ip_nat_pptp module and pptpd.

-------------------------------------------------------------------------------------------------------

>trying to connect to a server which is itself behind a router and NAT'd

You mentioned that you applied the conntrack patch.  Did you do this on
both the firewalls?  I have had success with the following.  Note that I
have disabled ip_nat_pptp.  If I load ip_nat_pptp then only one person
can connect and on the first time only.  Subsequent attempts fail.  I
have asked but received no feedback on this as well.  But hopefully this
will help you as well.

Anyways, here's what I run and the order that I run them in.  The
firewall currently has two active incoming connections.  I did test
multiple outgoing connections when I configured it.

/etc/rc.d/rc.local:
/sbin/modprobe ip_conntrack_proto_gre
/sbin/modprobe ip_conntrack_pptp
/sbin/modprobe ip_nat_proto_gre
#/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_mms
/sbin/modprobe ip_nat_mms
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_TARPIT
/sbin/modprobe ip_gre
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
Gary Smith

