On Sat, Nov 19, 2011 at 3:22 AM, Guy Tetruashvyly <guy....@gmail.com> wrote:
>
> After we've dealt with not touching traffic we shouldn't by the NAT
> engine, now we're talking about something else:
> recognizing GRE traffic - and understanding where it SHOULD go,
> based on the characteristics of the GRE packets themselves...
> my next question is going to be: does your kernel config have the option
> NF_NAT_PROTO_GRE enabled?
>
> No, the NF_NAT_PROTO_GRE.ko was in the kernel object library but did
> not show up in lsmod. I added it to rc.local.
> It is loading now and showing up when "lsmod | grep _nat" is run. I
> don't have access to remote servers for the time being,
> so I can't quite test the inbound & outbound connections for PPTP. I
> may need to assemble a stub-LAN/WAN using KVM VMs.
> I assume that there is more to it than just loading the
> NF_NAT_PROTO_GRE.ko, is there?
>

No, actually, there isn't. Just loading the helper allows the Netfilter
conntrack mechanism to assign the correct traffic to where it should have
gone, based on the characteristics of it. There's a similar helper for FTP,
SIP/H.323 (VoIP), IRC etc.

Now that I think of it, there's a specific one for PPTP as well... maybe you
should have it enabled too (or maybe just it, maybe the GRE one isn't
needed...)

For general knowledge you might wanna take a look at:

    ls -1 /usr/src/linux/net/netfilter/nf_conntrack*.c

:)

--
Shimi
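A check for the helper modules discussed in the thread above, as an added example that is not part of the original messages. It assumes the module names used by mainline kernels of that period (nf_conntrack_proto_gre, nf_nat_proto_gre, nf_conntrack_pptp, nf_nat_pptp) and that they are built as modules rather than into the kernel; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PPTP/GRE conntrack and NAT helper modules are
# absent from an lsmod-style listing (first column = module name).
# Assumption: module names as in 2011-era mainline kernels, built as modules.
PPTP_HELPERS="nf_conntrack_proto_gre nf_nat_proto_gre nf_conntrack_pptp nf_nat_pptp"

# Reads `lsmod` (or /proc/modules) text on stdin and prints the missing
# helpers, space-separated, on one line.
# Exit status: 0 = all helpers loaded, 1 = at least one missing.
missing_pptp_helpers() {
    # Keep only the module-name column; skip the "Module Size Used by" header.
    loaded=$(awk 'NR > 1 || $1 != "Module" { print $1 }')
    missing=""
    for m in $PPTP_HELPERS; do
        # Fixed-string, whole-line match so "nf_nat" does not satisfy "nf_nat_pptp".
        if ! printf '%s\n' "$loaded" | grep -qxF "$m"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample: roughly the state described in the thread, where only
# the GRE NAT module was added to rc.local. Sizes and use counts are made up.
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
nf_nat_proto_gre        1234  0
nf_nat                 20000  2 nf_nat_proto_gre,iptable_nat
nf_conntrack           70000  2 nf_nat,iptable_nat
iptable_nat             5000  1
EOF
}

# On a live system: lsmod | missing_pptp_helpers
sample_lsmod | missing_pptp_helpers || true
```
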