Hello!

> Has anyone else thought about this problem?

I thought about this (ages ago, so this can be stale). The verdict was that a self-consistent picture is possible only when NAT rules are an integral part of the SPD. It does not look like a stimulating idea. :-)

> I have considered introducing a new NAT chain between filtering
> and routing where you can place SNAT rules into.

I do not understand this. In this case IPsec is to be applied to the _translated_ packet, is it not? Am I wrong? If I am not wrong, there is no place to add an additional hook.

Alexey