I have a Bering LEAF 1.2 firewall. I'm trying to allow PCs in the internal
network to connect to an external PPTP server.

I have the following kernel modules loaded:

ip_nat_proto_gre        1012   0 (unused)
ip_nat_h323             2656   0 (unused)
ip_nat_irc              2176   0 (unused)
ip_nat_ftp              2784   0 (unused)
ip_conntrack_pptp       2124   1
ip_conntrack_proto_gre    1728   0 [ip_conntrack_pptp]
ip_conntrack_h323       2336   3
ip_conntrack_irc        2880   0 (unused)
ip_conntrack_ftp        3648   0 (unused)

I have ip_nat_pptp set to load on boot as well, but when it loads it comes
up with "Input/output error". I don't know if this is significant.

I have also added

ip_conntrack_proto_gre
ip_conntrack_pptp
ip_nat_proto_gre
ip_nat_pptp

to the Shorewall modules file, but I have not added any rules to Shorewall
for the PPTP connections.

When they try to connect to the PPTP server with a client, it authenticates
on the server, but I then get the following errors in Shorewall and the
client fails to connect.

Oct 3 18:42:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:40:f4:18:30:7f:ff:40:f5:77:57:e7:08:00 SRC=203.88.65.186
DST=203.113.155.73 LEN=65 TOS=00 PREC=0x00 TTL=55 ID=55841 DF PROTO=47
Oct 3 18:42:04 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:40:f4:18:30:7f:ff:40:f5:77:57:e7:08:00 SRC=203.88.65.186
DST=203.113.155.73 LEN=74 TOS=00 PREC=0x00 TTL=55 ID=55842 DF PROTO=47

Where 203.113.155.73 is the external IP address of the firewall and
203.88.65.186 is the PPTP server.

It looks to me like the firewall is not masquerading the proto 47 PPTP
connections correctly. Is there something I'm missing? Do I have to add any
rules to Shorewall for the clients, or is there a module I'm not loading
correctly?

-Stephen
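
An added example, not part of the original post: a shell check that compares the four modules named in the message against an lsmod-style listing and counts dropped GRE (PROTO=47) packets in Shorewall log text. The function names are hypothetical and the sample data is constructed from the listing and log lines quoted above.

```shell
#!/bin/sh
# Added example. Sample data is constructed from the listing and log in the post.
REQUIRED="ip_conntrack_proto_gre ip_conntrack_pptp ip_nat_proto_gre ip_nat_pptp"

SAMPLE_LSMOD='ip_nat_proto_gre        1012   0 (unused)
ip_conntrack_pptp       2124   1
ip_conntrack_proto_gre    1728   0 [ip_conntrack_pptp]'

SAMPLE_LOG='Oct 3 18:42:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:40:f4:18:30:7f:ff:40:f5:77:57:e7:08:00 SRC=203.88.65.186
DST=203.113.155.73 LEN=65 TOS=00 PREC=0x00 TTL=55 ID=55841 DF PROTO=47
Oct 3 18:42:04 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:40:f4:18:30:7f:ff:40:f5:77:57:e7:08:00 SRC=203.88.65.186
DST=203.113.155.73 LEN=74 TOS=00 PREC=0x00 TTL=55 ID=55842 DF PROTO=47'

# Print each required module that is absent from an lsmod-style listing on stdin.
missing_modules() {
    listing=$(cat)
    for m in $REQUIRED; do
        printf '%s\n' "$listing" \
            | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' \
            || printf '%s\n' "$m"
    done
}

# Count dropped GRE packets per SRC/DST pair from Shorewall log text on stdin.
# Log records may be wrapped across lines, so rejoin them on "Shorewall:" first.
gre_drops() {
    awk '
        /Shorewall:/ { if (rec != "") print rec; rec = $0; next }
        { rec = rec " " $0 }
        END { if (rec != "") print rec }
    ' | awk '
        /:DROP:/ && / PROTO=47( |$)/ {
            src = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            count[src " -> " dst]++
        }
        END { for (k in count) print count[k], "GRE drops", k }
    '
}

# Run both checks on the constructed samples.
printf '%s\n' "$SAMPLE_LSMOD" | missing_modules
printf '%s\n' "$SAMPLE_LOG" | gre_drops
```

On a live system, pipe the output of lsmod into missing_modules and the firewall's log file into gre_drops instead of the samples.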


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html