On Sat 2011-10-08, 04:08:04 CEST Stephen Clark <sclark46@xxxxxxxxxxxxx> wrote:
What is the reasoning for having SNAT happen before ipsec encryption? It forces one to add special rules in the NAT table to keep this from happening and I can't think of one reason why you would want it to be this way. Please someone enlighten me.
IMHO the main reason is that addresses translation of IPsec encapsulated packet
wouldn't work without something like NAT Traversal. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html