Not sure I follow.. AH(51) ESP(50) are IPsec traffic, as long as you have that module you should be all set (FreeSwan) On Fri, 2003-12-19 at 15:42, Ian Hunter wrote: > For days now I've been trying to figure out how to recompile my Redhat > 2.4.20-24.9 kernel to allow masquerading IPSec ESP traffic. I ran the > much-vaunted "grep -i masq /proc/ksyms" and to my chagrin got nothing back, > but on a lark decided I'd try "iptables -A FORWARD -t nat -i ppp0 -p esp -j > ACCEPT" just to see if it would fly and it did. Of course. And now you're > all laughing at me. > > Where is this documented, that gre, esp, ah, and the like are acceptable > protocols? The docs mention icmp, tcp, and udp only. > > Is there such a document, or have I discovered a particular cover of the > netfilter doc-hole? > > Ian > >
