Hello, I've upgraded one of our old firewalls from RHEL4 to RPATH 1.0.5 (2.6.16). We moved the firewall script directly from the old firewall to the new one and everything appeared to work except IPSEC, which failed. It appears that it's no longer honoring the -p ! esp portion of the postrouting. I'm not sure if this is or is not standard behavior or not or if there is a better way of doing what I'm doing below. We have additional IP's beyond what's listed below (some public, some not) which would require multiple lines for this. Original: -A POSTROUTING -o eth1 -p ! esp -j MASQUERADE Current working: -A POSTROUTING -s 10.0.16.0/255.255.248.0 -d 10.0.32.0/255.255.255.0 -o eth1 -j ACCEPT -A POSTROUTING -o eth1 -j MASQUERADE
