From: Ausi <ausi@gmx.de>
To: netfilter@lists.netfilter.org
Subject: PPTP connection tracking on Mandrake 10.0 with Kernel 2.6
Date: Wed, 08 Dec 2004 20:24:28 +0100 [thread overview]
Message-ID: <41B754EC.5000900@gmx.de> (raw)
Hi,
I need PPTP connection tracking on my Mandrake 10.0 NAT router.
Because there are more private VPN Clients accessing the same public VPN
Server.
What I did:
With "urpmi kernel-source" I got the Mandrake 2.6.3-19 kernel sources
RPM installed. Already patched for PPTP conntrack.
I configured it including GRE and PPTP support. After compiling and
restarting I can modprobe "ip_conntrack_pptp" and it's getting properly
loaded including the module "ip_conntrack_proto_gre".
But when a VPN Client now tries to connect to the VPN Server through my
NAT router, the router freezes immediatly.
So I thought, maybe I have to recompile iptables and downloaded version
1.2.11 from netfilter.org.
But when I do a make in the iptables folder I end up with this:
> Extensions found: IPv4:addrtype IPv4:condition IPv4:dstlimit IPv4:IPMARK IPv4:mport IPv4:nth IPv4:osf IPv4:quota IPv4:random IPv4:recent IPv4:time IPv6:ah IPv6:condition IPv6:esp IPv6:frag IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:random IPv6:rt
> cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_connlimit_sh.o -c extensions/libipt_connlimit.c
> In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
> from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/asm/byteorder.h:14: error: syntax error before "__u32"
> /usr/src/linux/include/asm/byteorder.h:28: error: syntax error before "__u64"
> In file included from /usr/src/linux/include/linux/byteorder/little_endian.h:11,
> from /usr/src/linux/include/asm/byteorder.h:57,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h:3,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:54,
> from extensions/libipt_connlimit.c:9:
> /usr/src/linux/include/linux/byteorder/swab.h:133: error: syntax error before "__u16"
> /usr/src/linux/include/linux/byteorder/swab.h:146: error: syntax error before "__u32"
> /usr/src/linux/include/linux/byteorder/swab.h:160: error: syntax error before "__u64"
> make: *** [extensions/libipt_connlimit_sh.o] Fehler 1
Now I don't know any further.
Can anybody help?
Here's my iptables configuration, too:
(eth0 is the public interface to the server, eth1 is the private nic)
> # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> *filter
> :INPUT ACCEPT [11277:2168399]
> :FORWARD DROP [696:122385]
> :OUTPUT ACCEPT [4197:782834]
> [0:0] -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
> [3:234] -A INPUT -i eth1 -j DROP
> [6024:3135556] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> [56:3568] -A FORWARD -d vpn-server -i eth1 -o eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
> COMMIT
> # Completed on Wed Dec 8 21:10:06 2004
> # Generated by iptables-save v1.2.9 on Wed Dec 8 21:10:06 2004
> *nat
> :PREROUTING ACCEPT [3345:534190]
> :POSTROUTING ACCEPT [29:6416]
> :OUTPUT ACCEPT [737:180585]
> [711:174322] -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Wed Dec 8 21:10:06 2004
next reply other threads:[~2004-12-08 19:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-08 19:24 Ausi [this message]
2004-12-08 23:15 ` PPTP connection tracking on Mandrake 10.0 with Kernel 2.6 Jason Opperisano
[not found] ` <41B80A4C.6090002@gmx.de>
2004-12-09 13:05 ` Jason Opperisano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41B754EC.5000900@gmx.de \
--to=ausi@gmx.de \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox