I tried several combinations and ended up with the loaded modules all the time. And yes, after a reboot I unloaded the modules, and everything worked. So something is loading the modules automatically, regardless what I set in shorewall.conf and "helpers". The docs in shorewall.conf says to set AUTOHELPERS to NO if using kernel > 3.5, which is the case.
Tarqi -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: Saturday, September 22, 2012 12:35 AM To: Shorewall Users Subject: Re: [Shorewall-users] GRE blocked on Masq PPTP On 09/21/2012 03:14 PM, Tarqi Kazan wrote: > Ok, > > I found out the following: > > PPTP Client from the LAN to a remote side needs NO modules loaded, > which > means: > > If the modules: > nf_nat_pptp > nf_nat_proto_gre > nf_conntrack_pptp > nf_conntrack_proto_gre > > are NOT loaded, everything works like expected. > There are NO rules needed. > > However, how can I prevent shorewall from loading these modules? > > I did the following: > - copied "helpers" to /etc/shorewall AND commented out the modules > - set strongwall.conf "AUTOHELPERS" to "No" You probably don't want that. > - set strongwall.conf "LOAD_HELPERS_ONLY" to "Yes" > - set strongwall.conf "HELPERS" to "" > > However, the modules are still loaded. There are no rules, which may > autoload them involved. > > Any clues? Did you unload the modules? Changing the modules configuration won't unload any modules that are already loaded. -Tom PS -- the product is 'shorewall', not 'strongwall' :-) -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
