>> >> I apologize, Tarqi. I realized when I woke up this morning that you >> may be running into the changes I made to support kernel 3.5 and later. >>
You're welcome. >> >> You can avoid this behaviour by creating a capabilities file: >> >> shorewall show -f capabilities > /etc/shorewall/capabilities >> >> Now, if you reboot, only the modules that you actually use will be loaded. >> I will try this, thanks. >> Back to your original problem, did you have AUTOHELPERS=No all along? >> With AUTOHELPERS=No on a 3.5 kernel, unless you have specifically >> modified /etc/shorewall/conntrack to associate the PPTP helper with >> TCP port 1729, the behaviour of the system should be the same as if >> you hadn't loaded the module at all. >> >> If it is not, then we need to investigate further. > After trying some different combinations, I can't say this anymore. I just remember that AUTOHELPERS has been initially "Yes". If I find some time I will test this again, but I can't promise this. > > Here is a lightly-tested patch that does not probe the helpers when > LOAD_HELPERS_ONLY=Yes. Thanks, this will be present in the next release, I think? > I also noticed this morning that the released 'conntrack' files are incorrect; they specify 1729 as the > PPTP control port rather than 1723. > This prevents the PPTP helpers from working correctly on Kernel 3.5. Strange. Even with the wrong settings in "conntrack" everything works, IF(!) nf_nat_pptp and nf_nat_proto_gre are not loaded. The nf_conntrack* modules aren't a problem. > -Tom Note: There is also a typo in "macro.PPtP" which prevents Shorewall from compiling it: The "Format" entry needs to be commented I think, currently it's a "?" instead of "#". - Tarqi ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
