> It seems I hit the same problem when trying to set up an IPSec tunnel between
> two routers (running Linux 2.4.18+newnat). FTP data transfer is broken. Control
> connection is ok.
> After some investigations it seems NAT doesn't recognize IPSec packets being
> part of the FTP connection and so they get dropped.
>
> Sure an IPSec helper would help...

Can you please explain roughly what such a helper would do?

Assume that I know how traffic enters and leaves a Linux router, how unencrypted traffic enters and leaves the router, and what the IP stack and iptables do to the traffic as it passes. I don't know how that IPSec fits into the picture.

Please, give a rough outline, and what operation such an IPSec helper would perform in that picture.

Thanks, and best regards

Patrick