[Linux-HA] ipsec on 2.6.16+ question
Gary W. Smith
gary at primeexalia.com
Sun Dec 17 16:58:39 MST 2006
Hello,
I've upgraded one of our old firewalls from RHEL4 to RPATH 1.0.5
(2.6.16). We moved the firewall script directly from the old firewall
to the new one and everything appeared to work except IPSEC, which
failed. It appears that it's no longer honoring the -p ! esp portion of
the postrouting. I'm not sure if this is or is not standard behavior or
not or if there is a better way of doing what I'm doing below. We have
additional IP's beyond what's listed below (some public, some not) which
would require multiple lines for this.
Original:
-A POSTROUTING -o eth1 -p ! esp -j MASQUERADE
Current working:
-A POSTROUTING -s 10.0.16.0/255.255.248.0 -d 10.0.32.0/255.255.255.0 -o
eth1 -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
More information about the Linux-HA
mailing list