From: Tom E. <te...@sh...> - 2004-07-07 21:08:56
|
Andy wrote: > On Mit, 2004-07-07 at 07:55 -0700, Tom Eastep wrote: > >>Andreas Krause wrote: >> >> >>>>>Unfortunately we cannot establish a connection and tcpdump tells (from >>>>>firewall to client) icmp: my_host protocol 47 unreachable [tos 0xc0]. >>>>> >>>>>What could I do now, to troubleshoot? >>>> >>>>Andreas -- FAQs #1a and #1b give information about how to troubleshoot >>>>port forwarding problems. >>> >>> >>>Did everything, no chance. >>>DNAT is from net to loc for tcp/1723 and proto/47 >>>Packetcount says 1 for 1723, but 0 for prot 47 >>>ISP is NOT blocking >> >>Please post: >> >>a) output of "shorewall status" (as an attachment) after you have >>attempted to connect. >> > > > I would not mind, but there are too many "internal" data in that > output :-) Then I don't know how much more I can help you (if you're not willing to send me the output privately). > > >>b) output of "lsmod" > > attached You might see if it works if you unload all of the pptp/gre conntrack/nat modules -- there are some broken versions of those around. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... |