'[pptp-devel] PPTP and Masquerading - does this really work?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pptpclient-devel
Subject:    [pptp-devel] PPTP and Masquerading - does this really work?
From:       "G. Georgiev" <ggeorgiev () videotron ! ca>
Date:       2003-04-25 21:12:10
[Download RAW message or body]

	HEllo,

	For quite a long time I try to understand why my gateway will refuse on 
random basis to masquerade outgoing GRE packets.
	 The situation:
	I use kernel 2.4.20 with very few things incorporated and minimal netfilter 
options. The firewall I have is wide open for the tests and there is nothing 
than masquerading left on the nat rules. The problem is that the gateway does 
not pass the packets from inside to outside on a random base - it may work 
for an hour and be down for two if masquerading is enabled. If I put a rule 
like 
iptables -t nat -I POSTROUTING -p 47 -j ACCEPT
(suggested by Chris Wilson), the packets pass trough my gateway, but, of 
course with wrong source address. The presence of ip_conntrack_pptp and 
ip_conntrack_proto_gre modules does not seem to matter.

	I tried kernels 2.4.20 and stock slackware precompiled kernel 2.4.18 - no 
difference. All other traffic is fine. I still can not catch what triggers 
the kernel to stop or resume to forward/masquerade GRE packets.

	So, does someone use with success masquerading with GRE/pptp and if so, how? 

	Few remarks: The incoming GRE packet when I try to establish connection 
usually arrives before the a GRE packet is sent from inside; it gets dropped, 
that is normal. But when a packet from inside hits the gateway it disappears. 
	I run a client and not a server.
	If connection is established once, it is quite stable, no packet loss.
	The server(remote) is very fast, and my client is rather slow.

	Thanks, George.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
pptpclient-devel mailing list
pptpclient-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/pptpclient-devel

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic