[Openswan Users] Iptables problem (netkey)

Nicole Hähnel nicole.haehnel at gmx.net
Wed Jan 9 09:51:49 EST 2008


Today we switched from KLIPS to NETKEY on SLES10 SP1, openswan 2.4.11,
because the server crashes with the ipsec module running.
Until now we added iptables rules on interface ipsec0 to accept traffic
between networks.
Without an ipsec interface it's a little bit difficult to add rules.

We tried:

iptables -A FORWARD -s net1 -d net2 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s net2 -d net1 -m state --state NEW -j ACCEPT

but it won't work.

I only see: 
kernel: -- DENY IN=dsl0 OUT= MAC=xxxx SRC=xxx DST=xxx LEN=72 TOS=0x00 PREC=0x00 TTL=57 ID=55683 PROTO=4

Do I have to add a rule to allow PROTO 4?
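
Added example, not part of the original post and not Openswan's own code: without an ipsec0 interface, the usual way to write such rules under NETKEY is iptables' policy match (xt_policy, "-m policy"), which selects packets by the IPsec policy that protects them rather than by the interface they traverse. The script emits the rules as text so they can be reviewed before being applied; the subnets 10.0.1.0/24 and 10.0.2.0/24 and the NET1/NET2/WAN/APPLY variables are constructed placeholders, and dsl0 is taken from the log line above.

```shell
#!/bin/sh
# Added example: iptables rules for a NETKEY IPsec gateway, where there is no
# ipsec0 interface to match on. The xt_policy match ("-m policy") replaces the
# interface match: "--dir in --pol ipsec" is a packet that was just decrypted,
# "--dir out --pol ipsec" is a packet that will be encrypted on the way out.
# All subnet values below are constructed placeholders.

NET1="${NET1:-10.0.1.0/24}"   # local side (constructed)
NET2="${NET2:-10.0.2.0/24}"   # remote side (constructed)
WAN="${WAN:-dsl0}"            # interface the tunnel terminates on (from the log line)

# Emit the rules for one tunnel as text, one per line. Nothing is applied
# here, so the output can be reviewed (or diffed against iptables-save) first.
ipsec_rules() {
    net1="$1"; net2="$2"; wan="$3"
    cat <<EOF
iptables -A INPUT -i $wan -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $wan -p esp -j ACCEPT
iptables -A FORWARD -s $net1 -d $net2 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -A FORWARD -s $net2 -d $net1 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
EOF
}

# Count the emitted FORWARD rules that carry the policy match. A FORWARD rule
# without it would also accept the same subnets in clear text if the tunnel
# were down, which is the property the match is there to prevent.
count_policy_forward() {
    ipsec_rules "$@" | grep -c -- '-A FORWARD .* -m policy '
}

# Apply only when explicitly asked (APPLY=1); otherwise just print for review.
if [ "${APPLY:-0}" = "1" ]; then
    ipsec_rules "$NET1" "$NET2" "$WAN" | sh -e
else
    ipsec_rules "$NET1" "$NET2" "$WAN"
fi
```

The INPUT rules admit IKE (UDP 500 and 4500 for NAT traversal) and ESP itself to the gateway; the two FORWARD rules admit the inner traffic only when the kernel reports that an IPsec policy applied to it.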

