For days now I've been trying to figure out how to recompile my Redhat 2.4.20-24.9 kernel to allow masquerading IPSec ESP traffic. I ran the much-vaunted "grep -i masq /proc/ksyms" and to my chagrin got nothing back, but on a lark decided I'd try "iptables -A FORWARD -t nat -i ppp0 -p esp -j ACCEPT" just to see if it would fly and it did. Of course. And now you're all laughing at me. Where is this documented, that gre, esp, ah, and the like are acceptable protocols? The docs mention icmp, tcp, and udp only. Is there such a document, or have I discovered a particular cover of the netfilter doc-hole? Ian
