Differences between version 4 and predecessor to the previous major change of PPTPConnectionTracking.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 4 | Last edited on Friday, November 18, 2005 3:32:06 pm | by CraigBox | Revert |
| Older page: | version 3 | Last edited on Monday, October 31, 2005 9:32:21 am | by CraigBox | Revert |
@@ -9,14 +9,25 @@
You have two options:
* install 2.6.14 or higher, as it was [merged into the mainline|http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=926b50f92a30090da2c1a8675de954c2d9b09732] at this point
-** __Note:__ I am not yet sure if the conntracking as in 2.6.14 requires changes to iptables as below. Please test this (and update this page!) before you do anything else based on this instruction.
-
+* patch an older kernel and iptables
with a patch provided by the Netfilter developers.
-!Build and install a new
kernel
+!!With an older
kernel
-Grab a snapshot from http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ and untar it into a directory.
+Don't do this. Get 2.6.14.
+
+!!With 2.6.14+
+
+If you're running 2.6.14.2 or lower, there are two patches on [this Netfilter bug|https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=397] which you need to apply to your kernel.
+
+No changes should need to be made to iptables.
+
+Enable/module CONFIG_IP_NF_PPTP and CONFIG_IP_NF_NAT_PPTP; the modules are called ip_nat_pptp and ip_conntrack_pptp. That is all you have to do.
+
+!!With an older kernel - "I Didn't Listen"
+
+
Grab a snapshot from http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ and untar it into a directory. They no longer support this patch, and you might find you have to get an older version of the p-o-m source to make this work. Be prepared to read mailing lists
.
You also need some iptables source, so you could use the one in the version you will build below. Read that and return here.
<verbatim>
@@ -46,17 +57,14 @@
$ mkdir /usr/src/iptables/
$ cd /usr/src/iptables
$ apt-get source iptables
$ tar -zvxf iptables_1.2.11-10.tar.gz (sub version numbers as appropriate)
-</pre>
-These next two steps are to give you an IPTABLES_DIR for pom on the kernel, as above:
-<pre>
-/tmp
-$ tar -zvxf /usr/src/
iptables/iptables-1.2.11/upstream/iptables-1.2.11.tar.bz2
-$ cd iptables-
1.2.11
+$ cd iptables_
1.2.11
$ vim scripts/prep.sh
</pre>
+
Add "pptp-conntrack-nat" to the line that lists __pomng_extensions__.
+
<pre>
$ dch -v 1.2.11-10itp1
Add your comment; this increments the package version number.
$ dpkg-buildpackage -uc -us -rfakeroot
@@ -64,4 +72,10 @@
You should end up with a iptables_1.2.11-10_i386.deb in the previous directory.
Note, this version of iptables and this kernel are married together. You can't use an unpatched iptables with a patched kernel, etc.
+
+These next two steps are to give you an IPTABLES_DIR for pom on the kernel, as above:
+<pre>
+$ cd /tmp
+$ tar -zvxf /usr/src/iptables/iptables-1.2.11/upstream/iptables-1.2.11.tar.bz2
+</pre>
