* RE: Nat problem with GRE
@ 2003-06-03 22:12 George Vieira
2003-06-04 0:10 ` John Paul
0 siblings, 1 reply; 5+ messages in thread
From: George Vieira @ 2003-06-03 22:12 UTC (permalink / raw)
To: Esteban, netfilter
No offence but for the <insert large number here>th time use pptp helper in p-o-m.. ;)
GRE is connectionless and also has no ports so connection tracking cannot map the port used to connect so it doesn't know which user behind the firewall to relay the packets to.
So you need the patch-o-matic patch and select the PPTP helper to most likely fix your problem.
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
-----Original Message-----
From: Esteban [mailto:esteban@alstec.fr]
Sent: Tuesday, June 03, 2003 9:35 PM
To: netfilter@lists.netfilter.org
Subject: Nat problem with GRE
Hi there,
I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)
Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).
Does anybody know what I am doing wrong ?
Thank you very much.
--
Esteban
esteban@epita.fr
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Nat problem with GRE
2003-06-03 22:12 Nat problem with GRE George Vieira
@ 2003-06-04 0:10 ` John Paul
2003-06-04 8:17 ` Filip Sneppe
0 siblings, 1 reply; 5+ messages in thread
From: John Paul @ 2003-06-04 0:10 UTC (permalink / raw)
To: George Vieira, Esteban, netfilter
George, et al.
I actually have the same problem. I successfully patched my kernel(2.4.20)
with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
doesnt recognize NAT anymore. How could this happen?
TIA
Pol
----- Original Message -----
From: "George Vieira" <georgev@citadelcomputer.com.au>
To: "Esteban" <esteban@alstec.fr>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 04, 2003 6:12 AM
Subject: RE: Nat problem with GRE
No offence but for the <insert large number here>th time use pptp helper in
p-o-m.. ;)
GRE is connectionless and also has no ports so connection tracking cannot
map the port used to connect so it doesn't know which user behind the
firewall to relay the packets to.
So you need the patch-o-matic patch and select the PPTP helper to most
likely fix your problem.
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
-----Original Message-----
From: Esteban [mailto:esteban@alstec.fr]
Sent: Tuesday, June 03, 2003 9:35 PM
To: netfilter@lists.netfilter.org
Subject: Nat problem with GRE
Hi there,
I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)
Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).
Does anybody know what I am doing wrong ?
Thank you very much.
--
Esteban
esteban@epita.fr
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Nat problem with GRE
2003-06-04 0:10 ` John Paul
@ 2003-06-04 8:17 ` Filip Sneppe
2003-06-04 10:14 ` Nat problem with GRE (Solved!) John Paul
0 siblings, 1 reply; 5+ messages in thread
From: Filip Sneppe @ 2003-06-04 8:17 UTC (permalink / raw)
To: John Paul; +Cc: George Vieira, Esteban, netfilter
On Wed, 2003-06-04 at 02:10, John Paul wrote:
> George, et al.
>
> I actually have the same problem. I successfully patched my kernel(2.4.20)
> with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
> doesnt recognize NAT anymore. How could this happen?
>
Hi,
Recompile your iptables userspace program against those
patched kernel sources & reinstall it.
Regards,
Filip
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Nat problem with GRE (Solved!)
2003-06-04 8:17 ` Filip Sneppe
@ 2003-06-04 10:14 ` John Paul
0 siblings, 0 replies; 5+ messages in thread
From: John Paul @ 2003-06-04 10:14 UTC (permalink / raw)
To: Filip Sneppe; +Cc: George Vieira, Esteban, netfilter
Thanks to those who responded to this email. What i did actually is;
1. patched the kernel with ip_pptp_* P.O.M. (KERNEL_DIR=/usr/src/linux
./runme bla bla bla)
2. recompile iptables (source)
3. recompile the kernel (make menuconfig; make dep; make bzImage, make
modules; make modules_install)
4. reboot machine
viola! works like a charm.
cheers!
----- Original Message -----
From: "Filip Sneppe" <filip.sneppe@cronos.be>
To: "John Paul" <john@pinoylinux.sytes.net>
Cc: "George Vieira" <georgev@citadelcomputer.com.au>; "Esteban"
<esteban@alstec.fr>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 04, 2003 4:17 PM
Subject: Re: Nat problem with GRE
> On Wed, 2003-06-04 at 02:10, John Paul wrote:
> > George, et al.
> >
> > I actually have the same problem. I successfully patched my
kernel(2.4.20)
> > with ip_pptp_conntrack (P-O-M) but after recompiling my kernel, iptables
> > doesnt recognize NAT anymore. How could this happen?
> >
> Hi,
>
> Recompile your iptables userspace program against those
> patched kernel sources & reinstall it.
>
> Regards,
> Filip
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Nat problem with GRE
@ 2003-06-03 11:35 Esteban
0 siblings, 0 replies; 5+ messages in thread
From: Esteban @ 2003-06-03 11:35 UTC (permalink / raw)
To: netfilter
Hi there,
I have some troubles to NAT GRE traffic.
On my LAN, some users have to connect to an external PPTP server.
The connection success for the first user who connect the PPTP server.
But it fails for the others, when there is already a user connected to
the server.
I looked with tcpdump, and it seem that the GRE traffic of the second
client is droped (TCP 1723 connection is OK)
Actualy, I accept all the traffic destinated to the PPTP server (so tcp
1723 and gre traffic may be accepted).
Does anybody know what I am doing wrong ?
Thank you very much.
--
Esteban
esteban@epita.fr
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2003-06-04 10:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-06-03 22:12 Nat problem with GRE George Vieira
2003-06-04 0:10 ` John Paul
2003-06-04 8:17 ` Filip Sneppe
2003-06-04 10:14 ` Nat problem with GRE (Solved!) John Paul
-- strict thread matches above, loose matches on Subject: below --
2003-06-03 11:35 Nat problem with GRE Esteban
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox