Horst Knobloch wrote:
> Carl Farrington <carl@000compsup000.net.invalid> wrote:
>
> [only one of multiple pptp connections work]
>>
>> Is there something I need to specify to iptables get gre/pptp
>> connections masqueraded properly?
>>
>> here's my very basic NAT script at the moment:
>>
>> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Have a look at the Linux VPN Masquerade document
> http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
>
> HTH
>
For future reference in case anyone googles this thread, the solution is to
download patch-o-matic from www.netfilter.org, and patch your kernel with
the ip_nat_pptp patch from the 'extras' set. After doing this and compiling
the kernel, nat won't work at all (iptables: invalid argument) until you
download and compile iptables (the userspace tools) from source also (which
is also on www.netfilter.org).
Then you modprobe ip_conntrack_pptp, ip_conntrack_proto_gre, ip_nat_pptp,
ip_nat_proto_gre and everything works, except your PoPToP (pptpd) running on
the same machine.
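
A check for the module step described above, as an added example that is not part of the original post: it reports which of the four modules named in the post are absent from a `/proc/modules`-format list and can load them. The function names and the `--check`/`--load` switches are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Module names are the four given in the post.
PPTP_NAT_MODULES="ip_conntrack_pptp ip_conntrack_proto_gre ip_nat_pptp ip_nat_proto_gre"

# Print every required module that is absent from a /proc/modules-format file.
# $1: path to the module list (defaults to the live /proc/modules).
missing_pptp_nat_modules() {
    modfile="${1:-/proc/modules}"
    for m in $PPTP_NAT_MODULES; do
        # The first field of each /proc/modules line is the module name.
        # An exact match avoids ip_nat_pptp being satisfied by a longer name.
        if ! awk -v want="$m" '$1 == want { found = 1 } END { exit !found }' "$modfile"; then
            printf '%s\n' "$m"
        fi
    done
}

# Load whatever is missing (needs root), then re-check the live list.
# Returns non-zero if any module is still absent afterwards.
load_pptp_nat_modules() {
    for m in $(missing_pptp_nat_modules); do
        modprobe "$m" || echo "modprobe $m failed (kernel built without the patch?)" >&2
    done
    [ -z "$(missing_pptp_nat_modules)" ]
}

# Hypothetical switches for running the file directly.
case "${1:-}" in
    --check)
        missing=$(missing_pptp_nat_modules)
        [ -z "$missing" ] || { echo "missing: $missing" >&2; exit 1; }
        ;;
    --load)
        load_pptp_nat_modules || exit 1
        ;;
esac
```

Running it with `--check` from a boot script gives a non-zero exit status when a rebuilt kernel no longer carries the patch.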