Ok I loaded the modules: (Listed in this order in the /lib/modules config file)

ip_conntrack_proto_gre.o
ip_conntrack_pptp.o
ip_nat_proto_gre.o
ip_nat_pptp.o

Here are the rules that worked fine previously for pptp BEFORE I loaded these modules.

#Allow VPN connections Outbound!!!!
ACCEPT  loc  net  tcp  1723
ACCEPT  loc  net  47   -
#Allow VPN Inbound
DNAT    net  loc:192.168.169.24  tcp  1723
DNAT    net  loc:192.168.169.24  47   -

Here are the policies:

#SOURCE  DEST  POLICY  LOG LEVEL  LIMIT:BURST
loc      net   DROP    ULOG
loc      vpn   ACCEPT
vpn      loc   ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw      net   ACCEPT
net      all   DROP    ULOG
all      all   REJECT  ULOG

Now I can't make a pptp connection to our VPN. Can anyone PLEASE tell me why? Is there something that I am missing here? It fails with error 721 "remote computer did not respond". It was working before I loaded these modules. Why is it broken now?

Thanks in advance!
Troy

-----Original Message-----
From: Troy Aden [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 8:58 PM
To: 'Tom Eastep'
Cc: Leaf-User (E-mail)
Subject: RE: [leaf-user] Shorewall questions

I installed these modules from the modules archive as per your recommendation below. I am assuming this is what you were referring to.

"Bering_uClibc_2.0_modules_2.4.20.tar.gz"
\\2.4.20\kernel\net\ipv4\netfilter , ip_conntrack_pptp.o, ip_nat_pptp.o

I get the following error on reboot of the Bering router:

After ip_conntrack_pptp.o loads I see this message:
INSMOD: Unresolved symbol ip_ct_gre_keymap_add

After ip_nat_pptp.o loads I see this message:
INSMOD: Unresolved symbol ip_ct_gre_keymap_change

Can someone please tell me what is happening here?

Thanks!
Troy

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 12:07 PM
To: Troy Aden
Cc: Leaf-User (E-mail)
Subject: RE: [leaf-user] Shorewall questions

On Mon, 2003-12-08 at 09:59, Troy Aden wrote:
> One more quick question.
>
> We are running a PPTP server behind shorewall.
> The default policy is
> Loc net DROP
>
> The rules are :
> #Inbound VPN
> DNAT net loc:{local PPTP server} tcp 1723
> DNAT net loc:{local PPTP server} 47 -
>
> #Outbound VPN
>
> ACCEPT loc net tcp 1723
> ACCEPT loc net 47 -
>
> The problem is that I have a user that is logged into our VPN from a remote
> site. This user then came into work and is attempting to connect back into
> his system at the remote location. The firewall is blocking him from doing
> this.
> Here is a snip from the logs.
>
> loc2net DROP eth1 eth0 24.78.108.194 24.81.104.187 ICMP (OS fingerprint)
>
> Can anyone tell me if there is a way to allow this user to connect to his
> system from our network?
>

You would need to install the PPTP connection tracking and NAT support from Netfilter Patch-O-Matic. Without that support, you can only have a single active PPTP tunnel to any given remote system.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now!
http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
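
Added example, not part of the original thread and not Netfilter code: a toy model of the limitation in Tom Eastep's reply, where only one PPTP tunnel to a given remote system can be active without PPTP connection tracking. GRE (protocol 47) has no ports, so an address-only lookup cannot separate two tunnels from the same remote, while the Call ID in PPTP's enhanced GRE header (RFC 2637) can. Every address except 192.168.169.24, the Call IDs, and the function names are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B            # protocol type of PPTP's enhanced GRE (RFC 2637)
REMOTE = "198.51.100.7"           # constructed: the remote site
PPTP_SERVER = "192.168.169.24"    # local PPTP server from the DNAT rules in the thread
WORKSTATION = "192.168.169.50"    # constructed: local user dialing out to REMOTE

# (internal host, remote address, Call ID seen on inbound GRE), oldest tunnel first.
# A real helper learns the Call IDs from the TCP 1723 control channel; here they are given.
SESSIONS = [(PPTP_SERVER, REMOTE, 0x1001), (WORKSTATION, REMOTE, 0x2002)]

def make_gre(call_id, seq, payload=b""):
    """Build a constructed enhanced GRE packet: K and S bits set, version 1."""
    header = struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP, len(payload), call_id, seq)
    return header + payload

def pptp_call_id(gre):
    """Return the Call ID of an enhanced GRE packet, or raise ValueError."""
    if len(gre) < 8:
        raise ValueError("short GRE header")
    flags, ver, proto, _payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    # PPTP requires the Key bit (0x20), GRE version 1 and protocol type 0x880B.
    if not flags & 0x20 or ver & 0x07 != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

def demux(packets, sessions, use_call_id):
    """Return the internal host chosen for each inbound (src_ip, gre_bytes) packet."""
    table = {}
    for host, remote, call_id in sessions:
        key = (remote, call_id if use_call_id else None)
        table.setdefault(key, host)   # address-only key: the first tunnel owns the remote
    chosen = []
    for src, gre in packets:
        key = (src, pptp_call_id(gre) if use_call_id else None)
        chosen.append(table.get(key))
    return chosen

if __name__ == "__main__":
    inbound = [(REMOTE, make_gre(0x1001, 1)), (REMOTE, make_gre(0x2002, 1))]
    print("address only :", demux(inbound, SESSIONS, False))
    print("with Call ID :", demux(inbound, SESSIONS, True))
```

With the address-only lookup both packets go to the PPTP server, so the workstation's outbound tunnel never sees its replies.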