I KNOW you have always been able to use the PROTOCOL numbers, but the names may have been recently implemented... As far as where it is documented - in the FreeS/WAN docs - it talks about the types of rules which you will need in iptables.

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Hunter
Sent: Friday, December 19, 2003 3:42 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Argh! I'm kicking myself

For days now I've been trying to figure out how to recompile my Redhat 2.4.20-24.9 kernel to allow masquerading IPSec ESP traffic. I ran the much-vaunted "grep -i masq /proc/ksyms" and to my chagrin got nothing back, but on a lark decided I'd try "iptables -A FORWARD -t nat -i ppp0 -p esp -j ACCEPT" just to see if it would fly and it did. Of course. And now you're all laughing at me.

Where is this documented, that gre, esp, ah, and the like are acceptable protocols? The docs mention icmp, tcp, and udp only. Is there such a document, or have I discovered a particular cover of the netfilter doc-hole?

Ian
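
Added example (not part of the original messages and not netfilter project code): the iptables man page allows the -p argument to be a numeric value or a protocol name from /etc/protocols, which is why "esp" and "50" select the same traffic. The Python below normalises -p arguments to protocol numbers and lists the rules that touch GRE, ESP or AH; the protocol excerpt, the ruleset and all function names are constructed for illustration, and matching names case-insensitively is a simplification of this example.

```python
import re

# Constructed excerpt in /etc/protocols format: name, number, aliases, comment.
PROTOCOLS_DB = """\
udp     17  UDP         # user datagram protocol
gre     47  GRE         # generic routing encapsulation
esp     50  IPSEC-ESP   # encapsulating security payload
ah      51  IPSEC-AH    # authentication header
"""

# Constructed sample ruleset (hypothetical), one appended rule per line.
RULES = """\
-A FORWARD -i ppp0 -p esp -j ACCEPT
-A FORWARD -i ppp0 -p 51 -j ACCEPT
-A FORWARD -i ppp0 -p udp --dport 500 -j ACCEPT
-A INPUT -p 47 -j DROP
-A INPUT -p ipsec-esp -j ACCEPT
-A INPUT -p bogus -j ACCEPT
"""

def load_protocols(text):
    """Map every name and alias (lower-cased) to its protocol number."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            for name in [fields[0]] + fields[2:]:
                table[name.lower()] = int(fields[1])
    return table

def resolve(proto, table):
    """Return the protocol number for a -p argument, or None if unknown."""
    if proto.isdigit():
        return int(proto) if int(proto) <= 255 else None
    return table.get(proto.lower())

def audit(rules, table, watch=(47, 50, 51)):
    """Return (hits, unknown): rules on watched protocols, unresolvable rules."""
    hits, unknown = [], []
    # '.' and '\S' never match a newline, so each match stays on one rule line.
    for m in re.finditer(r"^-A (\S+) .*?-p (\S+) .*?-j (\S+)", rules, re.M):
        chain, proto, target = m.groups()
        num = resolve(proto, table)
        if num is None:
            unknown.append(m.group(0))
        elif num in watch:
            hits.append((chain, num, target))
    return hits, unknown
```

Rules written by name, by alias and by number end up under the same protocol number, so a review of what a firewall passes for IPsec or GRE does not miss a rule because of how its author spelled the protocol.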