Old 01-15-2015, 09:12 AM   #1
LQ Newbie
Registered: Jan 2015
Posts: 1

NAT iptables GRE tunnels hell

Hi guys!

I have one head-blowing problem; maybe your smart brains can help in resolving this issue, or just finding the cause of it.

Just in a few words, without configurations so far.

I'm managing a small office network that is sitting behind a CentOS-based router.

The router's duty is to do NAT and forward some ports to internal servers (same NAT).

All done on iptables. The problem that I have now is somehow related to iptables and is seen very well with GRE (PPTP tunnels) and, I think, with any tunnels.

We have multiple client stations that are trying to connect to the same VPN servers outside our LAN.

And we have such a scenario:

Iptables or something in the router box remembers the first connection that was made to the VPN1 server, and allows connecting to this VPN1 server only for the particular IP address that first initiated the connection to the VPN1 server.

The funny thing is that an iptables restart doesn't help to somehow reset this first initiating connection either. But if you change anything inside the rules (I don't know, add a comment) inside iptables and restart it, it will reset the cache or something, I really don't know, and again accept the first connection from the first IP that tries to initiate this connection to the VPN server.

And it really looks crazy: if Client1 initiates a connection to VPNServer1 and he is first, all is fine, but to allow Client2 to connect to VPNServer1 I need to change a rule and restart iptables; then Client2 has VPN resources, but Client1 cannot. And they don't try to connect to one VPN resource in parallel with the same login/pass.

Hopefully it's a common problem with iptables or ipconntrack or something.

Old 01-16-2015, 07:19 AM   #2
Registered: May 2014
Location: Romania
Distribution: Debian/Ubuntu, Rocky Linux
Posts: 53

Check in /etc/pptpd.conf how many connections are allowed (line 68, or near that line).

