Georgi Alexandrov <tehlists@xxxxxxxxxx> writes:

> rowdy wrote:
>> I added rules like the following (but to user chains that I then
>> added to the input, output and forward chains) to solve my hassles
>> (clipped from the freeswan link above):
>>
>> # allow IPsec
>> #
>> # IKE negotiations
>> iptables -I INPUT -p udp --sport 500 --dport 500 -j ACCEPT
>> iptables -I OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
>> # ESP encryption and authentication
>> iptables -I INPUT -p 50 -j ACCEPT
>> iptables -I OUTPUT -p 50 -j ACCEPT
>>
>> ..snip
>
> that's more than pointless as he has INPUT, OUTPUT and FORWARD
> policies set to ACCEPT and no other rules.

Even so, I'm thankful for any suggestions.

So, going back to my initial question: how can I go about finding out
where my packets are dropped? Since it's most likely not because of any
netfilter rule entry, who else can decide that a packet cannot be
NATed?

--
/Ola Nilsson