From: Wim Ceulemans <wim.ceulemans@able.be>
To: Wim Ceulemans <wim.ceulemans@able.be>
Cc: Harald Welte <laforge@netfilter.org>,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Netfilter Mailinglist <netfilter@lists.netfilter.org>
Subject: Re: New Version (1.13) of PPTP conntrack/nat helper
Date: Wed, 24 Sep 2003 18:34:50 +0200 [thread overview]
Message-ID: <3F71C7AA.9050700@able.be> (raw)
In-Reply-To: <3F718312.4020000@able.be>
[-- Attachment #1: Type: text/plain, Size: 2611 bytes --]
Hi Harald
This is the debug log, with CONFIG_IP_NF_NAT_LOCAL switched on and one
session trying pptp through the firewall to an internal windows2000 server.
18:26:06 kernel: ip_tables: (C) 2000-2002 Netfilter core team
18:26:06 kernel: ip_conntrack version 2.1 (2048 buckets, 16384 max) -
324 bytes per conntrack
18:26:06 kernel: ip_conntrack_pptp.c:init: ip_conntrack_pptp.c:
registering helper
18:26:06 kernel: ip_conntrack_pptp version 1.9 loaded
18:26:32 kernel: ip_nat_pptp.c:init: ip_nat_pptp.c: registering NAT helper
18:26:32 kernel: ip_nat_pptp version 1.5 loaded
18:26:58 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:26:58 kernel: ip_nat_pptp.c:tcp_help: entering
18:26:58 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
18:27:01 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:27:01 kernel: ip_nat_pptp.c:tcp_help: entering
18:27:01 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
18:27:07 kernel: ip_conntrack_pptp.c:conntrack_pptp_help: ctinfo = 2,
skipping
18:27:07 kernel: ip_nat_pptp.c:tcp_help: entering
18:27:07 kernel: ip_nat_pptp.c:tcp_help: Not touching dir ORIG at hook
PREROUTING
Regards
Wim
Wim Ceulemans wrote:
> Harald
>
> Sorry, my mistake, the crashes occur with CONFIG_IP_NF_NAT_LOCAL is
> switched off.
> I'll produce a debug log when CONFIG_IP_NF_NAT_LOCAL is on of one PPTP
> session through the firewall.
>
> Regards
> Wim
>
> Harald Welte wrote:
>
>> On Tue, Sep 23, 2003 at 06:25:40PM +0200, Wim Ceulemans wrote:
>>
>>
>>
>>> If I switch CONFIG_IP_NF_NAT_LOCAL off, the forwarding to a pptp
>>> server behind the firewall works.
>>> If switch it on, I don't see any gre packet behind the firewall, so
>>> it does not work.
>>>
>>> However, with CONFIG_IP_NF_NAT_LOCAL on I have had two freezes
>>> (firewall completely stuck and I had to switch it on and off).
>>>
>>
>>
>> So to summarize: It works perfectly of it is OFF, but you have problems
>> with DNAT and crashes, if it is ON. That is surprising - it seems like
>> the problems have just been reverting :(
>>
>> Did you do anything in particular when the firewall hang happened? (like
>> unloading/loading a module, ...)?
>>
>>
>>
>>> Regards
>>> Wim
>>>
>>
>>
>>
>>
>
>
--
Wim Ceulemans
R&D Engineer
Secure Internet Communication with aXs Guard
Able NV
Leuvensesteenweg 282 - B-3190 Boortmeerbeek - Belgium
Phone: + 32 15 50.44.00 - Fax: + 32 15 50.44.09
E-mail: wim.ceulemans@able.be
--
Security check on this e-mail has been done by aXs GUARD
(http://www.axsguard.com)
prev parent reply other threads:[~2003-09-24 16:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-22 20:30 New Version (1.13) of PPTP conntrack/nat helper Harald Welte
2003-09-23 13:38 ` Wim Ceulemans
2003-09-23 14:49 ` Harald Welte
2003-09-23 16:25 ` Wim Ceulemans
2003-09-24 10:13 ` Harald Welte
2003-09-24 11:42 ` Wim Ceulemans
2003-09-24 16:34 ` Wim Ceulemans [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F71C7AA.9050700@able.be \
--to=wim.ceulemans@able.be \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox