Old 07-29-2004, 01:03 PM   #1
LQ Newbie
Registered: Apr 2004
Distribution: Slackware-current
Posts: 15

Rep: Reputation: 0

Hello everyone,

Does anybody know how I can use the pptp/gre nat/conntrack module for iptables?

What do I have to do to enable this thing to work?

Please help.

Thanks in advance.
Old 07-29-2004, 01:51 PM   #2
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
You have to load the modules in order for it to work; those are kernel modules, not iptables modules.

Once those are loaded, it's just a matter of setting up your iptables correctly.
Old 07-29-2004, 02:09 PM   #3
LQ Newbie
Registered: Apr 2004
Distribution: Slackware-current
Posts: 15

Original Poster
Rep: Reputation: 0
Thank you.
Any examples of a simple configuration? The problem is the VPN connection.
Old 08-01-2004, 04:22 AM   #4
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Have a look at They have the pptp server..
and for the client software

The kernel modules will need to be built in a new kernel, using the patch-o-matic-ng system.
You will also need iptables sources at the same time and to make new iptables executables,
and a modutils package to match the new kernel major/minor numbers.
(So you may also want to try out some other patch-o-matic patches as well to enhance iptables a lot.)

To allow more than 1 client in the lan to connect at the same time, do
modprobe ip_nat_pptp
This loads both pptp modules and any other necessary ones.

Make sure the ip stream on port 1723 and protocol 47 (GRE) are not 'mangled' in any way, e.g. TTL changed etc.
Depending on your chain POLICYs, you may have to make a rule allowing tcp port 1723 and protocol 47 out,
but usually loading just the modules is enough for lan clients, with an incoming/forward rule allowing ESTABLISHED,RELATED connections in. (=standard rules)

Getting GRE to work properly with the pptp server can either be very easy, or frustratingly difficult.
When making the new kernel, make GRE, broadcast on GRE and multicast routing in the kernel rather than modules. Also make the Cryptographic models in the kernel. In the netfilter section, make everything modules and add the pptp verbose debug option.

Last edited by peter_robb; 08-01-2004 at 04:37 AM.
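
The gateway setup described in the post above, as an added example that is not part of the original thread: it prints the rules for LAN clients behind NAT and checks lsmod and iptables-save output for missing helpers and TTL rewriting. The interface names (eth1 for the LAN, eth0 for the WAN), the companion module name ip_conntrack_pptp and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions.

# Print (do not run) the gateway commands; review, then pipe to "sh" as root.
pptp_gateway_rules() {
    lan_if=$1; wan_if=$2
    cat <<EOF
modprobe ip_nat_pptp
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -p 47 -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
}

# stdin: lsmod output. Prints each PPTP helper module that is not loaded.
# (Helpers compiled into the kernel never show up in lsmod.)
missing_pptp_modules() {
    loaded=$(awk 'NR > 1 { print $1 }')
    for m in ip_conntrack_pptp ip_nat_pptp; do
        printf '%s\n' "$loaded" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# stdin: iptables-save output. Prints rules that rewrite TTL,
# which the post warns against for PPTP/GRE traffic.
ttl_mangling_rules() {
    grep -E -- '-j TTL( |$)' || true
}

# Constructed sample data for a dry run.
SAMPLE_LSMOD='Module                  Size  Used by
ip_nat_pptp             3712  0
ip_conntrack_pptp       9856  1 ip_nat_pptp
iptable_nat            21624  2 ip_nat_pptp'

SAMPLE_SAVE='*mangle
-A PREROUTING -i eth0 -j TTL --ttl-set 64
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

pptp_gateway_rules eth1 eth0
printf '%s\n' "$SAMPLE_LSMOD" | missing_pptp_modules
printf '%s\n' "$SAMPLE_SAVE" | ttl_mangling_rules
```

On kernels from 2.6.20 onward the same helpers are named nf_conntrack_pptp and nf_nat_pptp.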

