[Linux-HA] ipsec on 2.6.16+ question
Gary W. Smith
gary at primeexalia.com
Sun Dec 17 17:45:59 MST 2006
Sorry, this is what happens when you subscribe to too many lists. This
was bound for the netfilter list.
> -----Original Message-----
> From: linux-ha-bounces at lists.linux-ha.org [mailto:linux-ha-bounces at lists.linux-ha.org] On Behalf Of Gary W. Smith
> Sent: Sunday, December 17, 2006 3:59 PM
> To: linux-ha at lists.linux-ha.org
> Subject: [Linux-HA] ipsec on 2.6.16+ question
>
> Hello,
>
> I've upgraded one of our old firewalls from RHEL4 to RPATH 1.0.5
> (2.6.16). We moved the firewall script directly from the old firewall
> to the new one and everything appeared to work except IPSEC, which
> failed. It appears that it's no longer honoring the -p ! esp portion of
> the postrouting. I'm not sure if this is or is not standard behavior or
> not or if there is a better way of doing what I'm doing below. We have
> additional IP's beyond what's listed below (some public, some not) which
> would require multiple lines for this.
>
> Original:
>
> -A POSTROUTING -o eth1 -p ! esp -j MASQUERADE
>
> Current working:
> -A POSTROUTING -s 10.0.16.0/255.255.248.0 -d 10.0.32.0/255.255.255.0 -o eth1 -j ACCEPT
> -A POSTROUTING -o eth1 -j MASQUERADE
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems