[Shorewall-users] pptp connect on firewall from load balanced addresses

beirer-shorewall at itb.biologie.hu-berlin.de
Sat Apr 17 05:21:08 PDT 2004


>Notice that you are sending GRE frames but not receiving them -- that
>says to me that someone along the way is blocking those frames.

just to add my two cents to the pptp-thread:

recently i installed a pptp server and i have similar problems with
missing GRE frames with the combination of shorewall and the poptop
pptp server. i have two networks (let's call them A and B), both
guarded by shorewall firewalls. for windows remote administration, I
log into the pptp-server installed on firewall B, using a W3K-client
from inside network A.  In 50% of all trials (in a somewhat stochastic
fashion), I get the same 'GRE read errors' as Craig.  If I connect the
W3K client directly to the internet, it works significantly better,
let's say 90% of all trials (but not 100%!!).

Two days ago I noticed that if connecting from inside A to B fails, a
solution that helps is to restart my outgoing ppp-internet connection
of network A. Until now I have not had the time to investigate this further
(maybe just restarting shorewall would help, too), thus I have no log
files to provide some more information. at the moment the
connection-restarting solution is okay for me. just wanted to mention
it on the list, maybe it's a hint for Craig.

if i find the time to investigate the problem i will post the
solution on the list.

bye: stephan.

ps: maybe I should mention: I'm not using the
ip_nat_pptp/ip_conntrack_pptp modules, since I have just one client
inside A.

pps: thanks Tom for shorewall. this stuff is really great!

stephan beirer              invalidenstr. 42    10115 berlin/germany
theoretical biophysics      phone +49 30 2093 8694          room 501
institute of biology        http://itb.biologie.hu-berlin.de/~beirer
humboldt university berlin  mail      s.beirer at biologie.hu-berlin.de
