(sorry for my bad English)
scenario: NetBSD NAT box, PPTP server at some ISP w/ public IP, PPTP client on my private network behind the NetBSD NAT.
first of all: this setup works with NetBSD 1.6.2 (IPFilter 3.x) flawlessly; the problem was triggered by the upgrade to NetBSD 2.0
$ ipf -V
ipf: IP Filter: v4.1.3 (396)
the problem:
PPTP client can connect to the PPTP server, but the connection hangs up if there's no data traffic from the PPTP client to the PPTP server for 2-3 seconds.
If I start a simple ``ping'' on the client, the connection stays up and running, and everything is okay. If I stop pinging the server, the connection hangs; I can't even ping the client from the server. If I start any data transfer from the client again, the connection is back and working again.
Of course, if there's no traffic from the client for several minutes, the link not only hangs, but the server disconnects, as LCP echo requests cannot reach the client.
this is 100% reproducible on my box.
my ipf rules:
pass in quick proto gre
pass in quick all
pass out quick proto gre
pass out quick all
my ipnat rules:
map ex0 10.0.0.0/8 -> my.external.ip.addr/32 proxy port ftp ftp/tcp
map ex0 10.0.0.0/8 -> my.external.ip.addr/32 portmap tcp/udp 20000:40000
map ex0 10.0.0.0/8 -> my.external.ip.addr/32
``ipnat -l'' shows the following entry when connected:
MAP pptp-client-ip 2145 <- -> natbox-ip 29981 [pptp-server-ip 1723]
the following entry (for protocol gre) is _only_ visible when the client does data traffic:
MAP pptp-client-ip <- -> natbox-ip [pptp-server-ip]
probably it's something similar to:
http://marc.theaimsgroup.com/?l=ipfilter&m=107881852125357&w=2
``incoming gre not getting "natted"''
thank you for your ideas.
-- Egerváry Gergely [EMAIL PROTECTED]
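A small check to go with this report (added example, not part of the original post): it parses ``ipnat -l'' session lines of the two shapes quoted above and flags PPTP control sessions (TCP/1723) that have no matching port-less entry between the same client and server, which is the hung state described. It assumes the GRE mapping is the port-less MAP line for the same client/server pair, as in the quoted output; the sample output and addresses are constructed.

```python
import re

# Constructed ``ipnat -l'' output modelled on the two entry shapes quoted in
# the post: a TCP control session (ports present) and a GRE mapping (no ports).
# Addresses are documentation ranges, not real hosts.
SAMPLE_HEALTHY = """\
List of active MAP/Redirect filters:
map ex0 10.0.0.0/8 -> 192.0.2.1/32 portmap tcp/udp 20000:40000

List of active sessions:
MAP 10.0.0.5 2145 <- -> 192.0.2.1 29981 [198.51.100.7 1723]
MAP 10.0.0.5 <- -> 192.0.2.1 [198.51.100.7]
"""

# Same box a few seconds after client traffic stops: the GRE entry is gone.
SAMPLE_HUNG = """\
List of active sessions:
MAP 10.0.0.5 2145 <- -> 192.0.2.1 29981 [198.51.100.7 1723]
"""

# MAP <src> [sport] <- -> <natbox> [nport] [<dst> [dport]]
SESSION_RE = re.compile(
    r"^MAP\s+(\S+)(?:\s+(\d+))?\s+<-\s*->\s+(\S+)(?:\s+(\d+))?"
    r"\s+\[(\S+)(?:\s+(\d+))?\]\s*$"
)


def parse_sessions(text):
    """Return (src, sport, nat, nport, dst, dport) tuples for every MAP
    session line; rule lines ('map ex0 ...') and headers are skipped."""
    sessions = []
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            sessions.append(m.groups())
    return sessions


def find_hung_pptp(text):
    """Return sorted (client, server) pairs that have a TCP/1723 control
    mapping but no port-less (GRE) mapping for the same client and server."""
    control, gre = set(), set()
    for src, sport, _nat, _nport, dst, dport in parse_sessions(text):
        if dport == "1723" and sport is not None:
            control.add((src, dst))
        elif sport is None and dport is None:
            gre.add((src, dst))
    return sorted(control - gre)
```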
