Hmm... I must have missed this in the mailings. Can someone give me a
quick synopsis on what the ip-forward fix does? Does this affect iptables
Basically, without the patch, it is impossible to SNAT (with iptables)
traffic going through a CIPE tunnel. Note that this doesn't have
anything to do with running a CIPE tunnel through a NATted connection
-- that works fine and doesn't have anything to do with the CIPE
implementation (as the protocol is designed to work through NAT and
just looks like UDP packets). Note also that the bug does not affect
IP masquerading with ipchains, even with a 2.4 kernel.
The 20020308 snapshot, which I have been using in production for some
time, includes this fix. There was also a patch relative to 1.5.2
posted to the list by Rik Faith on October 31, 2001.
Jay Berkenbilt <ejb,AT,ql,DOT,org>