I've patched my suSE 6.4 kernel (2.2.14), recompiled with the settings from the website at bottom. In YaST I've given the ip address of {SERVER-IP} to FW_TRUSTED_NETS, and ports 500, 1723 and 65535 to SERVICES_TRUSTED_TCP & UDP. I added the 65535 port after these errors, but still no go. I'm trying to use Microsoft's VPN (pptp) through my SuSE firewall to the server on the other end. The server on the other end is working for other non protected clients. I don't think I need masq_gre, but it it is going in for some reason. What did I do wrong? How do I enable proto 47? Jan 24 19:05:38 {MY-SRVR-HOSTNM} kernel: ip_masq_gre(): {INTERNAL-IP} -> {SERVER-IP} CID=C3E7 VER=1 PROTO=880B Jan 24 19:05:38 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-ip}:65535 {ISP-ASSIGNED-IP}:65535 L=57 S=0x00 I=18380 F=0x0000 T=105 (#142) Jan 24 19:05:38 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=89 S=0x00 I=18381 F=0x0000 T=105 (#142) Jan 24 19:05:42 {MY-SRVR-HOSTNM} kernel: ip_masq_gre(): {CLIENTHOST-IP} -> {SERVER-IP} CID=C3E7 VER=1 PROTO=880B Jan 24 19:05:42 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=89 S=0x00 I=18382 F=0x0000 T=105 (#142) Jan 24 19:05:42 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=57 S=0x00 I=18383 F=0x0000 T=105 (#142) Jan 24 19:05:46 {MY-SRVR-HOSTNM} kernel: ip_masq_gre(): {CLIENTHOST-IP} -> {SERVER-IP} CID=C3E7 VER=1 PROTO=880B Jan 24 19:05:46 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=57 S=0x00 I=18384 F=0x0000 T=105 (#142) Jan 24 19:05:46 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=89 S=0x00 I=18385 F=0x0000 T=105 (#142) Jan 24 19:05:50 {MY-SRVR-HOSTNM} kernel: ip_masq_gre(): {CLIENTHOST-IP} -> {SERVER-IP} CID=C3E7 VER=1 PROTO=880B Jan 24 19:05:51 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=89 S=0x00 I=18386 F=0x0000 T=105 (#142) Jan 24 19:05:51 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=57 S=0x00 I=18387 F=0x0000 T=105 (#142) Jan 24 19:05:54 {MY-SRVR-HOSTNM} kernel: ip_masq_gre(): {CLIENTHOST-IP} -> {SERVER-IP} CID=C3E7 VER=1 PROTO=880B Jan 24 19:05:54 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=57 S=0x00 I=18388 F=0x0000 T=105 (#142) Jan 24 19:05:54 {MY-SRVR-HOSTNM} kernel: Packet log: input DENY ppp0 PROTO=47 {SERVER-IP}:65535 {ISP-ASSIGNED-IP}:65535 L=89 S=0x00 I=18389 F=0x0000 T=105 (#142) Jan 24 19:05:58 {MY-SRVR-HOSTNM} kernel: ip_masq_pptp_tcp(): {ISP-ASSIGNED-IP} -> {SERVER-IP} LEN=16 TY=1 MC=1A2B3C4D CTL=CALL_DISCONNECT_NOTIFY Jan 24 19:05:58 {MY-SRVR-HOSTNM} kernel: ip_masq_pptp_tcp(): CALL_DISCONNECT_NOTIFY, CID=8000
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquerade-2.ht
ml http://members.home.net/ipmasq/ Trim replies as much as needed- natch. Thanks in advance.