Re: Kernel 2.6.16 and iptables
Hi,
On Tue, 2006-07-04 at 10:58, Martijn Grendelman wrote:
> Hi,
>
> I just thought I'd share the following with you all. It's a bit
> off-topic, but hopefully useful nonetheless.
>
> I wanted to install a kernel from Bpo (linux-image-2.6-vserver-686
> 6.16-13bpo1), but I knew there would be problems with IPsec tunnels and
> masquerading, because of changes in netfilter.
>
> The solution I found after a lot of searching and reading was to insert
> an iptables rule like this one, just above the MASQUERADE rule:
>
> iptables -t nat -A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
>
> (eth1 is where my internet connection is)
>
> However, this requires IPsec policy match support, in the kernel as well
> as in iptables. This didn't work with iptables 1.3.3-1bpo1. Finally I
> decided to package iptables 1.3.5 from upstream and now it works. In case
> anyone is interested:
>
> http://debian.sipo.nl/dists/sarge/iptables/binary-i386/iptables_1.3.5-0pocos1_i386.deb
>
> I hope this is of use to anyone out there.
>
In addition to this description, there is also an article in the current
German 'Linux Magazin 08/06'.
URL: http://www.linux-magazin.de/
Kind Regards,
Thomas
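
The quoted fix depends on rule order: the IPsec policy ACCEPT has to sit above the MASQUERADE rule in nat POSTROUTING. The script below is an added example, not part of the original thread; the function name check_ipsec_nat_order and both sample rulesets are constructed for illustration, and it reads iptables-save formatted text on stdin.

```shell
#!/bin/sh
# Added example (not from the thread): check that the IPsec exemption
# precedes MASQUERADE in the nat POSTROUTING chain.
# Input: iptables-save formatted text on stdin; $1 = outbound interface.
# Exit status: 0 = exemption precedes MASQUERADE
#              1 = exemption missing or placed after MASQUERADE
#              2 = no MASQUERADE rule applies to that interface
check_ipsec_nat_order() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }        # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            n++                                 # rule position within the chain
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            # A rule without -o applies to every interface, so keep it.
            if (out != "" && out != ifc) next
            ipsec = ($0 ~ /-m policy/ && $0 ~ /--dir out/ && $0 ~ /--pol ipsec/)
            if (ipsec && tgt == "ACCEPT" && !exempt) exempt = n
            if (tgt == "MASQUERADE" && !masq) masq = n
        }
        END {
            if (!masq) exit 2
            exit ((exempt && exempt < masq) ? 0 : 1)
        }'
}

# Constructed sample rulesets (assumption: eth1 is the outbound interface).
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

BAD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT'

# On a live host (as root): iptables-save | check_ipsec_nat_order eth1
```

With BAD_RULES the exemption is never reached, because MASQUERADE is a terminating target and matches the packet first.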