NetFilter

ipsec on 2.6.16+ question

To: <netfilter@lists.netfilter.org>
Subject: ipsec on 2.6.16+ question
From: "Gary W. Smith" <gary@primeexalia.com>
Date: Sun, 17 Dec 2006 16:46:24 -0800
Hello,

I've upgraded one of our old firewalls from RHEL4 to RPATH 1.0.5
(2.6.16).  We moved the firewall script directly from the old firewall
to the new one and everything appeared to work except IPSEC, which
failed.  It appears that it's no longer honoring the "-p ! esp" portion of
the POSTROUTING rule.  I'm not sure whether this is standard behavior,
or if there is a better way of doing what I'm doing below.  We have
additional IPs beyond what's listed below (some public, some not) which
would require multiple lines for this.

Original:

-A POSTROUTING -o eth1 -p ! esp -j MASQUERADE

Current working:

-A POSTROUTING -s 10.0.16.0/255.255.248.0 -d 10.0.32.0/255.255.255.0 -o eth1 -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE



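The following is an added example, not part of the original post or any reply to it. On the 2.6 kernel's native IPsec, a packet selected by an outbound SPD entry traverses nat POSTROUTING in plaintext before it is wrapped in ESP, so a protocol test such as "-p ! esp" cannot exempt it and MASQUERADE rewrites its source before encapsulation. The script below generates the nat POSTROUTING rules in iptables-restore format for any number of local subnets and exempts IPsec-bound traffic with the policy match (xt_policy, "-m policy --dir out --pol ipsec") instead of the protocol test, which also avoids one accept rule per source/destination pair. The interface name, the 192.168.100.0/24 subnet and the function names are assumptions made for the example; 10.0.16.0/21 is the post's own subnet written in CIDR form.

```shell
#!/bin/sh
# Added example: emit a nat POSTROUTING ruleset that masquerades Internet-bound
# traffic but leaves IPsec-bound traffic untouched.  Assumes a 2.6.16+ kernel
# with the xt_policy match.  Interface and extra subnet are illustrative.

WAN_IF="eth1"

# Constructed sample input: the post's 10.0.16.0/21 plus a hypothetical extra
# local subnet, to show that the rule count scales with the subnet list.
LOCAL_NETS="10.0.16.0/21 192.168.100.0/24"

# gen_postrouting WAN_IF NET [NET...]
# Prints a complete *nat table fragment for iptables-restore on stdout.
gen_postrouting() {
    wan="$1"; shift
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Plaintext packets that an outbound SPD entry will encapsulate pass
    # through POSTROUTING before ESP is added, so exempt them by policy,
    # not by protocol.  These must precede the MASQUERADE rule.
    for net in "$@"; do
        echo "-A POSTROUTING -s $net -o $wan -m policy --dir out --pol ipsec -j ACCEPT"
    done
    # Everything else leaving the WAN interface is masqueraded.  The ESP
    # exemption is kept for the already-encapsulated pass; the negation is
    # written in the extrapositioned form ("! -p esp"), which is the syntax
    # current iptables accepts without a deprecation warning.
    echo "-A POSTROUTING -o $wan ! -p esp -j MASQUERADE"
    echo "COMMIT"
}

# count_accepts WAN_IF NET [NET...]
# Returns (prints) how many policy-based ACCEPT rules the generator emitted;
# used to check that every subnet got its exemption.
count_accepts() {
    gen_postrouting "$@" | grep -c -- '--pol ipsec -j ACCEPT'
}

# Usage (not executed when the file is sourced for testing):
#   gen_postrouting "$WAN_IF" $LOCAL_NETS | iptables-restore --noflush
# Note that without --noflush the fragment replaces the whole nat table.
```

The first argument is the outbound interface and every further argument is a local subnet in CIDR form, so adding an address range is one more word on the command line rather than one more hand-written rule. Load the output with iptables-restore rather than pasting lines into a script so that the ordering (ACCEPT rules before MASQUERADE) is preserved as a unit.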