Hi,
What happens if you explicitly allow the GRE protocol?
iptables -A FORWARD -p 47 -j ACCEPT
It shouldn't be needed if you let through RELATED connections though...
Regards,
Filip
-----Original Message-----
From: SoulBlazer [mailto:[EMAIL PROTECTED]]
Sent: Thu 13/06/2002 18:26
To: [EMAIL PROTECTED]
Cc:
Subject: Re: PPTP/GRE + Newnat Issues
I have received private emails regarding similar occurrences. Perhaps there
is some weirdness about since I am not alone on this?
Additionally if this is a problem with the module should I move this
conversation to the netfilter-devel list? Opinions?
--
Re: PPTP/GRE + Newnat Issues
Date: Thu, 13 Jun 2002 15:47:00 +0200
From: <[EMAIL PROTECTED]>
To: "SoulBlazer" <[EMAIL PROTECTED]>
same problems for me,
no solution known
greets
On June 12, 2002 07:53 pm, SoulBlazer wrote:
> Hey List,
>
> I've been having a problem getting PPTP/GRE (ms-vpn) sessions to work
> properly using netfilter cvs (06/12/2002) and a 2.4.19-pre10 kernel (please
> note I have tried the following with a vanilla 2.4.18 kernel as well to
> which the same results have occurred).
>
> After applying the newnat and pptp patches to my kernel I compile with the
> following :
>
> CONFIG_IP_NF_CT_PROTO_GRE=y
> CONFIG_IP_NF_PPTP=y
>
> (I also have standard iptables options allowing for nat enabled)
>
> After a recompile and reboot, I create the following rule for a winXP
> workstation on my LAN:
>
> iptables -t nat -A POSTROUTING -s 192.168.12.19 -j SNAT --to 64.119.104.135
>
> I then verify connectivity on the winXP box via the ping command and
> subsequent web browsing; all of which yield success.
>
> I then attempt to use the VPN adapter in Network places and it appears to
> work however gets stuck at the 'Verifying username/password' (the l/p is
> correct btw). I go on the linux firewall and open up tcpdump to which I am
> getting the following:
>
> my.ext.addr.1081 > remote.vpn.server.1723: tcp 0 (DF)
> remote.vpn.server.1723 > my.ext.addr.1081: tcp 0
> my.ext.addr.1081 > remote.vpn.server.1723: tcp 156 (DF)
> remote.vpn.server.1723 > my.ext.addr.1081: tcp 156
> my.ext.addr.1081 > remote.vpn.server.1723: tcp 168 (DF)
> remote.vpn.server.1723 > my.ext.addr.1081: tcp 32
> remote.vpn.server > my.ext.addr: gre-proto-0x880B (gre encap)
> my.ext.addr > remote.vpn.server: icmp: my.ext.addr protocol 47 unreachable
>
> I have a feeling the pptp/gre support does not like being built internally
> as opposed to modularly, so I recompile them as modules and attempt again.
>
> With the same rules and the following loaded as modules :
>
> Module                  Size  Used by
> ip_nat_proto_gre        1248   0 (unused)
> ip_conntrack_pptp       2352   1 (autoclean)
> ip_nat_pptp             1712   0 (unused)
> ip_conntrack_proto_gre  1952   0 [ip_conntrack_pptp ip_nat_pptp]
>
>
> I again try to establish a vpn connection .. and again I get the same
> protocol 47 unreachable messages.
>
> Any ideas ?
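
An added example, not part of the original thread and not netfilter code: a small Python check that reads tcpdump lines in the format quoted above and reports whether GRE from the PPTP server was answered with ICMP protocol 47 unreachable. The sample input is constructed from the trace in the post, and the function names `diagnose` and `verdict` are hypothetical.

```python
import re

# Constructed sample, copied in shape from the tcpdump lines quoted in the
# post (same placeholder host names).
SAMPLE = """\
my.ext.addr.1081 > remote.vpn.server.1723: tcp 0 (DF)
remote.vpn.server.1723 > my.ext.addr.1081: tcp 0
my.ext.addr.1081 > remote.vpn.server.1723: tcp 156 (DF)
remote.vpn.server > my.ext.addr: gre-proto-0x880B (gre encap)
my.ext.addr > remote.vpn.server: icmp: my.ext.addr protocol 47 unreachable
"""

# "src > dst: info", with an optional mail-quote "> " prefix
LINE = re.compile(r"^(?:>\s*)?(\S+) > (\S+): (.*)$")

def diagnose(text):
    """Collect PPTP servers (tcp/1723), GRE packets and refused GRE packets."""
    seen = {"servers": set(), "gre": [], "refused": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, info = m.groups()
        if info.startswith("tcp") and dst.endswith(".1723"):
            seen["servers"].add(dst[:-len(".1723")])
        elif info.startswith("gre"):
            seen["gre"].append((src, dst))
        elif "protocol 47 unreachable" in info:
            # The ICMP sender refused a GRE packet that came from dst.
            seen["refused"].append((dst, src))
    return seen

def verdict(seen):
    """One-line reading of the capture (hypothetical wording)."""
    if not seen["servers"]:
        return "no PPTP control connection (tcp/1723) seen"
    inbound = [p for p in seen["gre"] if p[0] in seen["servers"]]
    outbound = [p for p in seen["gre"] if p[1] in seen["servers"]]
    if any(p in seen["refused"] for p in inbound):
        return "GRE from server refused with ICMP protocol 47 unreachable"
    if not seen["gre"]:
        return "control connection only, no GRE seen"
    if inbound and outbound:
        return "GRE seen in both directions"
    return "GRE seen in one direction only"

if __name__ == "__main__":
    print(verdict(diagnose(SAMPLE)))
```

The refused verdict only says that the host answering as `my.ext.addr` had no handler for the GRE packet; it does not say which rule or module is at fault.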
