26sec+forwarding, bug or PEBKAC?

rsnel at cube.dyndns.org rsnel at cube.dyndns.org
Wed Apr 6 23:25:13 CEST 2005


On Wed, Apr 06, 2005 at 02:36:10PM +0200, Allain Yoann wrote:
> > On Tue, 31 Mar 2005 22:16:40, rsnel at cube.dyndns.org wrote
> > >
> > >packets from ipsec tunnel seem to get lost before they enter the
> > >FORWARD chain with kernel 2.6.11. There is no problem with 2.6.8-2-k6
> > >(Debian kernel with 26sec) and there is no problem with ipsec turned
> > >off.
> > > [...]
> > >So, is it a bug, feature, or just misconfiguration? Can you reproduce?
> > >I would appreciate any insight on this problem.
> I solved the problem:
> Since the kernel 2.6.10, we must set a "fwd" policy in the same way we
> did for the "in" policy on each host-end of the tunnel.
> I just found one reference on the web:
> http://www.ipsec-howto.org/x277.html (one line in the middle)
> I hope other newbies like me won't lose too much time on it...

Many thanks Allain for your solution. (I didn't try it out yet, but I
expect it to work) And so the problem turned out to be misconfiguration of a
new feature...
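
The check implied by the fix above, as an added example that is not part of the original thread: list every "in" policy that has no "fwd" policy for the same selector. It assumes the policy listing layout printed by iproute2's `ip xfrm policy`; the function name `missing_fwd` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report "in" policies lacking a "fwd" policy for the same selector.
# Input is text in the layout printed by `ip xfrm policy` (assumed format).

missing_fwd() {
    awk '
        # Selector line: "src <net> dst <net>"; template lines start with "tmpl".
        $1 == "src" && $3 == "dst" { sel = $2 " -> " $4; next }
        # Direction line: "dir in|out|fwd ..."
        $1 == "dir" {
            seen[sel, $2] = 1
            if ($2 == "in") inbound[sel] = 1
        }
        END {
            for (s in inbound)
                if (!((s, "fwd") in seen)) print s
        }
    ' | sort
}

# Constructed sample: a tunnel configured with only "out" and "in" policies.
SAMPLE='src 10.0.1.0/24 dst 10.0.2.0/24
    dir out priority 0
    tmpl src 192.0.2.1 dst 192.0.2.2
        proto esp reqid 0 mode tunnel
src 10.0.2.0/24 dst 10.0.1.0/24
    dir in priority 0
    tmpl src 192.0.2.2 dst 192.0.2.1
        proto esp reqid 0 mode tunnel'

# Same sample with a "fwd" policy added alongside the "in" policy.
SAMPLE_FIXED="$SAMPLE
src 10.0.2.0/24 dst 10.0.1.0/24
    dir fwd priority 0
    tmpl src 192.0.2.2 dst 192.0.2.1
        proto esp reqid 0 mode tunnel"

printf '%s\n' "$SAMPLE" | missing_fwd        # prints 10.0.2.0/24 -> 10.0.1.0/24
printf '%s\n' "$SAMPLE_FIXED" | missing_fwd  # prints nothing
```

On a gateway, the same function can read the live listing with `ip xfrm policy | missing_fwd`; empty output means every "in" selector has a matching "fwd" entry.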


