# HELP - update/new kernel broke ip forwarding - SOLVED

## Moriah

i just updated my choke firewall from a 2.6.37-gentoo-r3 kernel to a 3.5.7-gentoo kernel and did an update with emerge --sync and emerge --update --deep --newuse world, and now ip forwarding no longer works.    :Crying or Very sad: 

Has something changed in the way forwarding works?

======== update ========

Its beginning to look like a connection tracking problem, because when I connectfrom the choke firewall to a machine on the lan behind that firewall, the lan machine can see the dmz and the internet.

I have a vague recollection of something changing regarding connection tracking with the 3.x.x kernels and iptables.    :Confused: 

It did not affect me at the time because I was still on a 2.x.x kernel, but this has the potential to wreck great havoc with all my firewalls.  Does anybody remember what changed with connection tracking?

----------

## Moriah

 :Embarassed:   :Embarassed:   :Embarassed:   :Embarassed:   :Embarassed:   :Embarassed:   :Embarassed:   :Embarassed: 

My confusiion.  Too many things breaking at once threw me off the scent.

The latest update broke a lot of things.  To get any connectivity at all, I connected my trysty laptop via wifi to an different subnet.  When I switched it back, I forgot to re-establish the default gateway in the routing table.  In reality, after rebuilding the choke firewall, ip forwarding *DID* work, but my gateway was wrong, so it looked like it didn't.

Amazing what a good night's sleep can do...

THAT alligator is dead; now on to draining the swamp!    :Wink: 

----------

