I'm following up on a thread that started at <https://lists.netfilter.org/pipermail/netfilter/2005-November/063703.html>.

The problem was trying to connect to a SonicWALL VPN through a NAT box running iptables. Packets went from client to NAT box, then NAT box to VPN server, then back from the VPN server to the NAT box, but disappeared into an abyss somewhere between mangle PREROUTING and nat PREROUTING. The connection showed up as tracked in /proc/net/ip_conntrack, but tcpdump showed no packets going out the inward-facing ethernet card.

As it turns out, an upgrade to 2.6.15.1 seems to have totally fixed the problem. I also went through the kernel options one by one and turned off absolutely everything that was not essential for the server. So either explanation could account for the fix.

People had suspected before that the Debian stock kernel IPSec functionality was getting in the way; the Debian kernel does come with IPSec modules but none of them were loaded.

In any case, I thought I'd just post this to put some finality to the discussion. Thanks to everyone who helped earlier.

--
Adam Rosi-Kessel
http://adam.rosi-kessel.org