beirer-shorewall@itb.biologie.hu-berlin.de
2004-Apr-17 12:21 UTC
Re: pptp connect on firewall from load balanced addresses]
Hi,

> Notice that you are sending GRE frames but not receiving them -- that
> says to me that someone along the way is blocking those frames.

Just to add my two cents to the pptp thread: recently I installed a pptp server and I have similar problems with missing GRE frames with the combination of shorewall and the poptop pptp server.

I have two networks (let's call them A and B), both guarded by shorewall firewalls. For Windows remote administration, I log into the pptp server installed on firewall B, using a W3K-client from inside network A. 50% of all trials (in a somehow stochastic fashion), I get the same "GRE read errors" as Craig. If I connect the W3K client directly to the internet, it works significantly better, let's say 90% of all trials (but not 100%!!).

Two days ago I noticed that if connecting from inside A to B fails, a solution that helps is to restart my outgoing ppp internet connection of network A. Until now I have not had the time to investigate this further (maybe just restarting shorewall would help, too), thus I have no log files to provide some more information.

At the moment the connection-restarting solution is okay for me. Just wanted to mention it on the list, maybe it's a hint for Craig. If I find the time to investigate the problem I will post the solution on the list.

bye: stephan.

ps: maybe I should mention: I'm not using the ip_nat_pptp/ip_conntrack_pptp modules, since I have just one client inside A.

pps: thanks Tom for shorewall. this stuff is really great!

____________________________________________________________________
stephan beirer invalidenstr. 42 10115 berlin/germany
theoretical biophysics phone +49 30 2093 8694 room 501
institute of biology http://itb.biologie.hu-berlin.de/~beirer
humboldt university berlin mail s.beirer@biologie.hu-berlin.de