[Openswan Users] Iptables problem (netkey)
Nicole Hähnel
nicole.haehnel at gmx.net
Wed Jan 9 09:51:49 EST 2008
Hi,
Today we switched from klips to netkey on SLES10 SP1
2.6.16.54-0.2.3-default, openswan 2.4.11,
because the server crashes with the ipsec module running.
Until now we added iptables rules on interface ipsec0 to accept traffic
between networks.
Without an ipsec interface it's a little bit difficult to add rules.
We tried:
iptables -A FORWARD -s net1 -d net2 -m state --state NEW
iptables -A FORWARD -s net2 -d net1 -m state --state NEW
but it won't work.
I only see:
kernel: -- DENY IN=dsl0 OUT= MAC=xxxx SRC=xxx DST=xxx LEN=72 TOS=0x00
PREC=0x00 TTL=57 ID=55683 PROTO=4
Do I have to add a rule to allow PROTO 4?
Thanks!
Nicole