Harald Welte <[EMAIL PROTECTED]> wrote:
>> Chain INPUT (policy ACCEPT 20 packets, 1680 bytes)
^^^^^^
>> Chain INPUT (policy DROP 20 packets, 1680 bytes)
^^^^
> Where is this configuration different from the configuration
> above? Either I am blind or there is no difference.
The default policy. As you (Harald) wrote, it certainly looks like
the non-GRE (ie. non proto 47) packets need to get through too.
Best add a logging rule to find out what exactly gets dropped
there, and then explicitly allow those too.
Cheers,
Dan
--
Daniel Roethlisberger <[EMAIL PROTECTED]>
PGP Key ID 0x8DE543ED with fingerprint
6C10 83D7 2BB8 D908 10AE 7FA3 0779 0355 8DE5 43ED
