Kernel 2.6.16 and iptables

To: backports-users@lists.backports.org
Subject: Kernel 2.6.16 and iptables
From: Martijn Grendelman <martijn@grendelman.net>
Date: Tue, 04 Jul 2006 10:58:15 +0200
Message-id: <[🔎] 44AA2DA7.9010406@grendelman.net>

Hi,

I just thought I'd share the following with you all. It's a bitoff-topic, but hopefully useful nonetheless.

I wanted to install a kernel from Bpo (linux-image-2.6-vserver-6866.16-13bpo1), but I knew there would be problems with IPsec tunnels andmasquerading, because of changes in netfilter.

The solution I found after a lot of searching and reading was to insertan iptables rule like this one, just above the MASQUERADE rule:

iptables -t nat -A POSTROUTING -o eth1 -m policy --dir out --pol ipsec-j ACCEPT


(eth1 is where my internet connection is on)

However, this requires IPsec policy match support, in the kernel as wellas in iptables. This didn't work with iptables 1.3.3-1bpo1. Finalyy Idecided to package iptables 1.3.5 from upstream and now it works. I caseanyone is interested:


http://debian.sipo.nl/dists/sarge/iptables/binary-i386/iptables_1.3.5-0pocos1_i386.deb

I hope this is of use to anyone outthere.

Regards,
Martijn.

Reply to:

Follow-Ups:
- Re: Kernel 2.6.16 and iptables
  - From: Thomas Walter <t.walter@nefkom.net>

Prev by Date: Re: Wesnoth backport problems
Next by Date: Problems with wpa_gui or kwifimanager
Previous by thread: Re: Wesnoth backport problems
Next by thread: Re: Kernel 2.6.16 and iptables
Index(es):
- Date
- Thread