Hi, I've been banging my head for a few hours now as to why this stuff isn't being passed on. I'm running the pptpd daemon on a Slackware box with a fresh 2.4.20 kernel with no kernel patches. I'm also running 1.3.1 as the poptop flavor. In between I have an old 486 working as a NAT box to share out my net connection. On this NAT box, I'm redirecting 1723 to the internal pptpd server and using ipfwd --masq 192.168.x.x 47 to masq protocol 47 to the internal server. Upon dialing up to an ISP (not the main connection, just trying to get VPN working over this ISP) I see the TCP control conn come into the NAT box, and it is masq'd to the pptpd box. The pptpd box replies and that is passed back out to the dial-up machine. I then see GRE encap traffic come into the NAT box, it is passed to the pptpd box, the pptpd box replies with GRE encap traffic, however the GRE encap reply never seems to make it out of the NAT box. It is a 2.2 kernel (Slackware 8.0) and all rules are blown wide open. Any ideas? Clear as mud? Thanks in advance. =)
I think that 2.2 uses a version of ipfwd which doesn't forward/NAT/PAT the GRE protocol very well.
I'd personally suggest using the latest iptables for all firewalling/NAT/PAT/forwarding, etc.
Lavie
Ditto on that. iptables is so much easier.