
Re: Kernel 2.6.16 and iptables



Hi,

On Tue, 2006-07-04 at 10:58, Martijn Grendelman wrote:
> Hi,
> 
> I just thought I'd share the following with you all. It's a bit 
> off-topic, but hopefully useful nonetheless.
> 
> I wanted to install a kernel from Bpo (linux-image-2.6-vserver-686 
> 6.16-13bpo1), but I knew there would be problems with IPsec tunnels and 
> masquerading, because of changes in netfilter.
> 
> The solution I found after a lot of searching and reading was to insert 
> an iptables rule like this one, just above the MASQUERADE rule:
> 
> iptables -t nat -A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
> 
> (eth1 is where my internet connection is on)
> 
> However, this requires IPsec policy match support, in the kernel as well 
> as in iptables. This didn't work with iptables 1.3.3-1bpo1. Finally I 
> decided to package iptables 1.3.5 from upstream and now it works. In case 
> anyone is interested:
> 
> http://debian.sipo.nl/dists/sarge/iptables/binary-i386/iptables_1.3.5-0pocos1_i386.deb
> 
> I hope this is of use to anyone out there.
> 

In addition to this description, there is also an article in the current
German 'Linux Magazin 08/06'.
URL:  http://www.linux-magazin.de/

Kind Regards,
Thomas
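
The ordering described in the quoted message (the IPsec policy ACCEPT rule has to sit above the MASQUERADE rule in nat/POSTROUTING) can be checked from iptables-save output. This is an added example, not part of the original thread; the function name check_ipsec_nat_order and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify rule order in the nat table of iptables-save output.
# On a live host: iptables-save -t nat | check_ipsec_nat_order eth1

# check_ipsec_nat_order IFACE   (reads iptables-save text on stdin)
# Exit status: 0 = IPsec exemption precedes MASQUERADE on IFACE
#              1 = MASQUERADE is reached first, or no exemption exists
#              2 = no MASQUERADE rule for IFACE in nat/POSTROUTING
check_ipsec_nat_order() {
    awk -v ifc="$1" '
        /^\*/ { in_nat = ($0 == "*nat") }        # table header line
        !in_nat || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; target = ""; dir = ""; pol = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o")    out = $(i + 1)
                if ($i == "-j")    target = $(i + 1)
                if ($i == "--dir") dir = $(i + 1)
                if ($i == "--pol") pol = $(i + 1)
            }
            if (out != "" && out != ifc) next    # rule for another interface
            if (target == "ACCEPT" && dir == "out" && pol == "ipsec") exempt = 1
            if (target == "MASQUERADE") { masq = 1; exit }
        }
        END { if (!masq) exit 2; exit (exempt ? 0 : 1) }
    '
}

# Constructed sample rule sets (not taken from a real host).
sample_good() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}
sample_bad() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}

for s in sample_good sample_bad; do
    rc=0; $s | check_ipsec_nat_order eth1 || rc=$?
    echo "$s: status $rc"
done
```

Status 1 means packets leaving through the interface would be masqueraded before the IPsec policy rule can accept them, which is the tunnel breakage the quoted message describes.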



