Hello
I was using a 2.6.14 kernel with an ESP match/mark rule for my IPsec
connection. However, with kernel 2.6.17 iptables will not match ESP
packets with the same rule:
iptables -t mangle -A INPUT --proto esp -j MARK --set-mark 1
iptables -A INPUT -i eth0 -m mark --mark 1 -j LOG --log-prefix "Mark 1:"
iptables -A INPUT -i eth0 -m mark --mark 1 -j ACCEPT
My IPsec connection uses NAT-T and the ESP packets are encapsulated
inside UDP 4500. If I match and mark UDP port 4500, my VPN works as
expected.
Did something change related to the matching of ESP packets that I am
not aware of?
Thanks for your time.
-BC
Brett Curtis
dashnu@xxxxxxxxx
http://teh.sh.nu
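As an added illustration (not part of the original post), the following Python script builds a native ESP packet and the same ESP payload encapsulated in NAT-T UDP/4500, then shows what a `--proto esp` test sees in each case and how UDP/4500 payloads are told apart per RFC 3948 (IKE carries a four-zero-byte non-ESP marker, NAT keepalives are a single 0xFF byte, anything else starts with an ESP SPI). The addresses, SPI and payload bytes are constructed samples.

```python
import struct

IPPROTO_UDP, IPPROTO_ESP, NAT_T_PORT = 17, 50, 4500

def build_ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Minimal IPv4 header (no options, checksum left 0) for a constructed sample."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                       64, proto, 0, addr(src), addr(dst)) + payload

def build_udp(sport, dport, payload):
    """UDP header (checksum left 0) followed by payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def esp_header(spi, seq):
    """ESP header: SPI and sequence number. SPI 0 is reserved, so it is never zero."""
    return struct.pack("!II", spi, seq)

def matches_proto_esp(pkt):
    """What `--proto esp` tests: only the outer IPv4 protocol field (byte 9)."""
    return pkt[9] == IPPROTO_ESP

def classify(pkt):
    """Native ESP, or NAT-T traffic on UDP/4500 demultiplexed as RFC 3948 describes:
    1-byte 0xFF = NAT keepalive, zero non-ESP marker = IKE, otherwise an ESP SPI."""
    if pkt[9] == IPPROTO_ESP:
        return "esp"
    if pkt[9] != IPPROTO_UDP:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    body = pkt[ihl + 8:ihl + ulen]
    if NAT_T_PORT not in (sport, dport):
        return "udp"
    if body == b"\xff":
        return "nat-keepalive"
    if len(body) >= 4 and body[:4] == b"\x00\x00\x00\x00":
        return "ike"
    return "udp-esp" if len(body) >= 8 else "udp"

def demo():
    """Constructed samples: the same ESP payload sent natively and inside NAT-T UDP/4500."""
    esp = esp_header(0x1234, 1) + b"\x00" * 16
    udp = lambda body: build_ipv4(IPPROTO_UDP, build_udp(NAT_T_PORT, NAT_T_PORT, body))
    samples = {"native": build_ipv4(IPPROTO_ESP, esp), "nat_t": udp(esp),
               "ike": udp(b"\x00" * 4 + b"\x2a" * 28), "keepalive": udp(b"\xff")}
    return {k: (classify(p), matches_proto_esp(p)) for k, p in samples.items()}
```

`demo()` returns `("esp", True)` for the native packet but `("udp-esp", False)` for the NAT-T one: the outer protocol is UDP, so a rule keyed on protocol 50 never sees the encapsulated ESP, which is why marking UDP 4500 is what makes the tunnel work.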