On 9/23/12 10:32 AM, "Tarqi Kazan" <[email protected]> wrote: > >>> Back to your original problem, did you have AUTOHELPERS=No all along? >>> With AUTOHELPERS=No on a 3.5 kernel, unless you have specifically >>> modified /etc/shorewall/conntrack to associate the PPTP helper with >>> TCP port 1729, the behaviour of the system should be the same as if >>> you hadn't loaded the module at all. >>> >>> If it is not, then we need to investigate further. >> > >After trying some different combinations, I can't say this anymore. I just >remember that AUTOHELPERS has been initially "Yes". If I find some time I >will test this again, but I can't promise this. > >> >> Here is a lightly-tested patch that does not probe the helpers when >> LOAD_HELPERS_ONLY=Yes. > >Thanks, this will be present in the next release, I think?
Yes. > >> I also noticed this morning that the released 'conntrack' files are >incorrect; they specify 1729 as the > PPTP control port rather than 1723. >> This prevents the PPTP helpers from working correctly on Kernel 3.5. > >Strange. Even with the wrong settings in "conntrack" everything works, >IF(!) >nf_nat_pptp and nf_nat_proto_gre are not loaded. The nf_conntrack* modules >aren't a problem. With AUTOHELPERS=No, the wrong port makes no difference. The entries in the released conntrack file are only used with AUTOHELPERS=Yes. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
