[Openswan Users] Strange problem after updating from kernel2.6.8 to 2.6.18
Witold Golab
w.golab at gtn.pl
Tue Dec 11 09:33:57 EST 2007
On Tuesday 11 December 2007, Balázs Bárány wrote:
> Hello,
>
> * Marco Berizzi <pupilla at hotmail.com> [2007-12-11 09:47]:
> > Are you using ipcomp? If so you must also accept packets with protocol 4.
> > It is a known bug to the netfilter team.
>
> thank you! This is very good information. I'll try that and update the
> Openswan wiki: http://wiki.openswan.org/index.php/Openswan/ConfFirewall
>
> > There is nothing special to do. Since 2.6.16 netfilter will 'see' clear
> > packets: so there must be a rule to accept them somewhere:
> >
> > iptables -I FORWARD -s source_net -d dest_net -j ACCEPT
> > iptables -I FORWARD -s source_net -d dest_net -j ACCEPT
>
> I had similar rules, they just didn't get any packets.
>
> Thanks!
Try adding these rules to the INPUT chain (yes, I know - it doesn't make sense -
but it should resolve your problem):

iptables -I INPUT -s source_net -d dest_net -j ACCEPT
iptables -I INPUT -s source_net -d dest_net -j ACCEPT

Also check what tcpdump says....

Regards
Vaitek
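
Added example (not part of the original messages and not Openswan code): a Python check over iptables-save output for the accepts discussed in this thread, namely ESP, protocol 4 when ipcomp is in use, and the clear packets between the two tunnel subnets in FORWARD. The sample ruleset and the subnets 10.1.0.0/24 and 10.2.0.0/24 are constructed; checking ESP and protocol 4 on INPUT assumes those packets are addressed to the gateway itself.

```python
import ipaddress

# Constructed iptables-save excerpt (not from the thread): ESP is accepted,
# protocol 4 is not, and clear traffic is allowed in one direction only.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A FORWARD -s 10.1.0.0/24 -d 10.2.0.0/24 -j ACCEPT
COMMIT
"""
ESP, IPENCAP, ANY_PROTO = {"esp", "50"}, {"ipencap", "4"}, {None}

def parse_rules(text):
    """Return unconditional ACCEPT rules. Rules narrowed by '!', -m, -i or -o
    are ignored, so the audit errs towards reporting a gap."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["-A"] or {"!", "-m", "-i", "-o"} & set(tok):
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # what remains is flag/value pairs
        if opts.get("-j") == "ACCEPT":
            rules.append({"chain": tok[1], "proto": opts.get("-p"),
                          "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
                          "dst": ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False)})
    return rules

def audit(text, local_net, remote_net, ipcomp=True):
    """List the accepts named in the thread that the ruleset lacks.
    Rule order (an earlier DROP shadowing an ACCEPT) is not evaluated."""
    rules = parse_rules(text)
    local, remote = ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)
    def has(chain, protos, src=None, dst=None):
        return any(r["chain"] == chain and r["proto"] in protos
                   and (src is None or src.subnet_of(r["src"]))
                   and (dst is None or dst.subnet_of(r["dst"])) for r in rules)
    missing = []
    if not has("INPUT", ESP):
        missing.append("INPUT: esp")
    if ipcomp and not has("INPUT", IPENCAP):
        missing.append("INPUT: protocol 4")
    for src, dst in ((local, remote), (remote, local)):
        if not has("FORWARD", ANY_PROTO, src, dst):
            missing.append(f"FORWARD: {src} -> {dst}")
    return missing
```

Feed it the real output of iptables-save and the two tunnel subnets; an empty list means every accept it looks for is present.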