[Shorewall-users] PPTP - many clients behind -> FW -> server remote

Tom Eastep teastep at shorewall.net
Thu Apr 15 11:15:33 PDT 2004


Eduardo Ferreira wrote:

> 
> So, I deleted the 1 to 1 nat table and modified my /etc/shorewall/modules 
> adding the modules as in the shorewall documentation 
> (http://www.shorewall.net/PPTP.htm):
> loadmodule ip_conntrack_proto_gre
> loadmodule ip_conntrack_pptp
> loadmodule ip_nat_pptp
> 
> Didn't work.  I could not even make my first connection to test how it 
> would react whit the second connection.  Then I added a new module that I 
> found in my /lib/modules/`uname -r`/kernel/net/ipv4/netfilter directory to 
> /etc/shorewall/modules:
> loadmodule ip_nat_proto_gre
> and It worked.  Then I tryed many different modules configurations but it 
> only worked when all four modules were loaded.  Is that so? Could I have 
> done something wrong in the way and didn't noticed?
> 

No -- that's the way it works with the new version of the PPTP 
connection tracking code from Netfilter.org (note that the Shorewall 
PPTP page refers to patches from a different source). I should update 
the doc.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list