Kernel 2.6.16 and iptables
Hi,
I just thought I'd share the following with you all. It's a bit
off-topic, but hopefully useful nonetheless.
I wanted to install a kernel from Bpo (linux-image-2.6-vserver-686
6.16-13bpo1), but I knew there would be problems with IPsec tunnels and
masquerading, because of changes in netfilter.
The solution I found after a lot of searching and reading was to insert
an iptables rule like this one, just above the MASQUERADE rule:
iptables -t nat -A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
(eth1 is where my internet connection is on)
However, this requires IPsec policy match support, in the kernel as well
as in iptables. This didn't work with iptables 1.3.3-1bpo1. Finally I
decided to package iptables 1.3.5 from upstream and now it works. In case
anyone is interested:
http://debian.sipo.nl/dists/sarge/iptables/binary-i386/iptables_1.3.5-0pocos1_i386.deb
I hope this is of use to anyone out there.
Regards,
Martijn.
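
An added example, not part of the original post: a shell check that reads iptables-save style text and confirms the IPsec policy-match ACCEPT rule sits above the MASQUERADE rule in nat/POSTROUTING for a given interface. The function name, exit codes and the two sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Reads iptables-save style text on stdin; interface name is $1.
# Exit 0: an IPsec policy-match ACCEPT precedes the first MASQUERADE rule.
# Exit 1: MASQUERADE comes first, or there is no exemption at all.
# Exit 2: no MASQUERADE rule applies to that interface.
# Simplification (assumption): other match options on the rules are ignored.
check_ipsec_before_masq() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2) }     # table header: *nat, *filter, ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; target = ""; pol = ""; dir = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o")    out = $(i + 1)
                if ($i == "-j")    target = $(i + 1)
                if ($i == "--pol") pol = $(i + 1)
                if ($i == "--dir") dir = $(i + 1)
            }
            # A rule without -o applies to every outgoing interface.
            if (out != "" && out != ifc) next
            if (target == "ACCEPT" && pol == "ipsec" && dir == "out") exempt = 1
            if (target == "MASQUERADE") { seen = 1; exit }
        }
        END { if (!seen) exit 2; exit (exempt ? 0 : 1) }
    '
}

# Constructed sample rulesets (not captured from a real host).
ruleset() {   # $1 and $2 are the two POSTROUTING rules, in order
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' "$1" "$2" COMMIT
}
IPSEC_RULE='-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT'
MASQ_RULE='-A POSTROUTING -o eth1 -j MASQUERADE'
good_ruleset() { ruleset "$IPSEC_RULE" "$MASQ_RULE"; }
bad_ruleset()  { ruleset "$MASQ_RULE" "$IPSEC_RULE"; }

# Demo: the first ordering passes, the reversed one does not.
for rs in good_ruleset bad_ruleset; do
    rc=0
    $rs | check_ipsec_before_masq eth1 || rc=$?
    echo "$rs: exit $rc"
done
```

On a live system the input would come from `iptables-save -t nat` piped into the function.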