OpenWrt Forum Archive

Topic: PPTPD pass through from plugged in LAN not working (Wifi works fine)

The content of this topic has been archived on 17 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I was trying to get a PPTPD server to run behind my WRTSL54G router and was trying to manually add the routes to allow it, but I managed to screw up my outgoing PPTP traffic in the process.

The odd thing is, I can get a connection from the wireless fine, but not on the LAN (I have tried plugging my laptop directly in via cable and turning off the wifi, and confirmed that it will not connect that way, only via wifi).

The issue seems to be related to GRE traffic not getting back to the computer on my LAN.

This worked fine with the stock layout and I really don't want to reset it, since I have already installed a bunch of SSH and USB packages (and I wouldn't learn anything if I just reset the damn thing).

So, has anybody had this problem before? Are there two chains I need to set up, ACCEPT and LAN_ACCEPT? (I thought the wifi and LAN were bridged, but I guess since it's done in software maybe iptables can treat them separately?)

Oh, and here is where it gets really weird: I can VPN into my parents' house fine from the physical LAN, but not my work. They are both configured exactly the same (Fedora 8, Poptop), and since my laptop can access my work VPN on the wifi (and because it worked from my desktop before I started messing with iptables) I assume it HAS to be some weird configuration issue with the firewall.

Disconnecting the other VPNs running through my firewall doesn't help either. Conntrack shows GRE connections from both boxes.

Other than this it's running amazingly well. Great job guys (I am on WhiteRussian 0.9 RC6 from X-Wrt with the swanky web interface).

Thanks in advance guys!

Here is my iptables -L. Perhaps somebody could send me theirs to compare?

iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere
input_wan  all  --  anywhere             anywhere
LAN_ACCEPT  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1723

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
forwarding_wan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.5         tcp dpt:1723
ACCEPT     udp  --  anywhere             192.168.1.5         udp dpt:1723
ACCEPT     tcp  --  anywhere             192.168.1.5         tcp dpt:500
ACCEPT     udp  --  anywhere             192.168.1.5         udp dpt:500
ACCEPT     tcp  --  anywhere             192.168.1.2
ACCEPT     udp  --  anywhere             192.168.1.2

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

I think the firewall is only allowing one GRE route per internet IP... I am now having issues connecting to my home network from the wifi after I had a connection open from my plugged-in computer.

Additionally, conntrack never shows additional GRE connections for the extra connections; it only shows the two routes (one from my wifi computer to my work, which is OK, and one from my desktop to my parents', which also works). Trying to establish more connections does not create new GRE conntrack entries.

unknown  47 594 src=192.168.1.2 dst=69.250.parents.xxx src=69.250.184.x dst=69.250.214.xxx use=1 mark=0 bytes=40650099
unknown  47 528 src=192.168.1.102 dst=12.159.work.xxx src=12.159.work.xxx dst=69.250.214.xxx use=1 mark=0 bytes=9806954

.102 is my wifi computer, which you can see is routing to my work OK, but trying to create another connection from my desktop .2 does not create new conntrack entries.

Your rules to accept PPTP and GRE traffic are after a "reject all" rule. Additionally, you need the PPTP and GRE NAT kernel modules.
If you run White Russian you should post your questions to the corresponding forum.
I'm running Kamikaze only, and had a lot of problems with PPTP passthrough; I don't use that any more.
If you do port forwarding, the nat table is important, too!

I have those packages, just double checked.

I restarted my router and those extra entries went away, and I can't connect from EITHER computer now (doh! I didn't make the changes persistent with iptables).

Is there a way to reset iptables to its default settings so I can get the PPTP passthrough working again? I can worry about the server on my side later; I just need to be able to connect out again to another location.

Here is my current iptables with the F-ed up PPTP passthrough:

root@OpenWrt:~$ iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere
input_wan  all  --  anywhere             anywhere
LAN_ACCEPT  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
forwarding_wan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.5         tcp dpt:1723
ACCEPT     udp  --  anywhere             192.168.1.5         udp dpt:1723
ACCEPT     tcp  --  anywhere             192.168.1.5         tcp dpt:500
ACCEPT     udp  --  anywhere             192.168.1.5         udp dpt:500
ACCEPT     tcp  --  anywhere             192.168.1.2
ACCEPT     udp  --  anywhere             192.168.1.2

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination


Thanks again for all your help!

Hah... I am an asshole and did not search the forum like I should have :-) Google does not have all the answers after all.

Solution was:

ipkg install kmod-ipt-nat-pptp (older versions should use 'kmod-ipt-nat-extra' instead)
Reboot the router

Fixed

Thanks for all your help. I LOVE this router and will be recommending it to EVERYBODY.

I am using the USB with a flash drive to give me 4 gigs of storage on it... FYI, I had to install both the usb2 and the kmod-usb-ohci packages (it will NOT have USB with the other USB package, uhci I think it's called... it shows up but always has a 0000:0000 vendor ID, and neither end will show a connection when you plug something in... usb-ohci solved this immediately).
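Two checks, written for this archive as an added example (not code from the thread, from OpenWrt or from the X-Wrt firewall scripts), that mechanise the two diagnoses made in the thread: the reply pointing out that the accept rules for PPTP and GRE sit after a "reject all" rule, and the conntrack symptom (entries listed as "unknown 47", no second GRE entry for a second tunnel) that the kmod-ipt-nat-pptp fix addresses by loading the GRE/PPTP conntrack and NAT helpers. Both functions read plain text from stdin, so the script runs offline on the constructed samples embedded below; the iptables listing is modelled on the INPUT chain posted above, the vlan1 interface name, the RFC 5737 documentation addresses and the per-kernel module names are assumptions of the example, not details taken from the posts.

```shell
#!/bin/sh
# Added example (not code from the thread or from OpenWrt): two text checks for
# the PPTP passthrough symptoms discussed in the thread. Both functions read
# stdin, so on the router you would run:
#   iptables -L -v -n | shadowed_rules
#   cat /proc/net/ip_conntrack | gre_generic_entries   # /proc/net/nf_conntrack on 2.6 kernels
# Below they run on constructed samples so the script works offline.

# 1. Rules that can never match: every rule after an unconditional terminal rule
#    (ACCEPT/DROP/REJECT/RETURN, proto all, any in/out interface, any address,
#    no match options) in the same chain. Understands both the plain "iptables -L"
#    layout and the "-v -n" layout; only the latter shows -i/-o, so plain -L can
#    report a false positive for a rule that is really interface-specific.
shadowed_rules() {
  awk '
    /^Chain /      { chain = $2; dead = 0; next }
    $1 == "target" { verbose = 0; next }   # plain header: target prot opt source destination
    $1 == "pkts"   { verbose = 1; next }   # -v header: pkts bytes target prot opt in out source destination
    NF == 0        { next }
    {
      if (dead) { printf "%s: %s\n", chain, $0; next }
      if (verbose) { tgt = $3; proto = $4; ifin = $6; ifout = $7; src = $8; dst = $9; rest = 10 }
      else         { tgt = $1; proto = $2; ifin = "*"; ifout = "*"; src = $4; dst = $5; rest = 6 }
      any_proto = (proto == "all" || proto == "0")
      any_src   = (src == "anywhere" || src == "0.0.0.0/0")
      any_dst   = (dst == "anywhere" || dst == "0.0.0.0/0")
      uncond    = (any_proto && ifin == "*" && ifout == "*" && any_src && any_dst)
      # text after the address columns is a match (state ..., tcp dpt:...),
      # except the reject-with option, which belongs to the REJECT target itself
      if (uncond && NF >= rest && $(rest) != "reject-with") uncond = 0
      if (uncond && (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT" || tgt == "RETURN")) dead = 1
    }'
}

# 2. GRE flows handled by the generic protocol tracker. With the GRE/PPTP helper
#    modules loaded (assumed names: ip_conntrack_proto_gre, ip_conntrack_pptp,
#    ip_nat_proto_gre, ip_nat_pptp on 2.4 kernels; nf_* equivalents on 2.6)
#    conntrack lists the flow as "gre" with per-tunnel keys. "unknown 47" means
#    the generic tracker, which keys only on the address pair and protocol number,
#    so two tunnels from the NATed LAN to the same server cannot be told apart.
gre_generic_entries() {
  awk '($1 == "unknown" && $2 == 47) || ($3 == "unknown" && $4 == 47) { n++; print }
       END { exit (n > 0 ? 0 : 1) }'
}

# Constructed sample modelled on the INPUT chain posted in the thread, plus a
# LAN_ACCEPT chain in -v -n layout with an assumed WAN interface name (vlan1).
RULES_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  120 10240 RETURN     all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0
 3456 98765 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Constructed conntrack sample (2.4-style /proc/net/ip_conntrack lines, RFC 5737
# addresses): one GRE flow tracked generically, one tracked by the gre helper.
CONNTRACK_SAMPLE='unknown  47 594 src=192.168.1.2 dst=203.0.113.10 src=203.0.113.10 dst=198.51.100.7 use=1 mark=0 bytes=40650099
tcp      6 431999 ESTABLISHED src=192.168.1.2 dst=203.0.113.10 sport=1035 dport=1723 src=203.0.113.10 dst=198.51.100.7 sport=1723 dport=1035 [ASSURED] use=1
gre      47 179 src=192.168.1.102 dst=203.0.113.20 srckey=0x0 dstkey=0x4f1 src=203.0.113.20 dst=198.51.100.7 srckey=0x4f1 dstkey=0x0 [ASSURED] use=1'

echo "== rules shadowed by an earlier unconditional rule =="
printf '%s\n' "$RULES_SAMPLE" | shadowed_rules
echo "== GRE flows tracked without the gre conntrack helper =="
printf '%s\n' "$CONNTRACK_SAMPLE" | gre_generic_entries
```

On the sample the first check reports only the two INPUT rules (tcp dpt:1723 and gre) that follow the unconditional REJECT, which is the ordering problem the reply describes; the RETURN in LAN_ACCEPT is not treated as terminal because the -v layout exposes its interface match. The second check prints the one "unknown 47" line: on a router where the helpers are loaded, GRE entries should appear as "gre" instead, so seeing "unknown 47" after the fix means the module did not load (check lsmod after the reboot).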

The discussion might have continued from here.