Re: SNAT before IPSEC - why?


 



On 10/08/2011 09:01 PM, Stephen Clark wrote:
On 10/08/2011 06:27 PM, Jan Engelhardt wrote:
On Saturday 2011-10-08 23:09, Stephen Clark wrote:

On 10/08/2011 05:26 AM, Jan Engelhardt wrote:
On Saturday 2011-10-08 04:08, Stephen Clark wrote:


Hi,

What is the reasoning for having SNAT happen before ipsec encryption?

It can happen before and/or after - see the nf flow graph.

Do you have a link to the graph?
http://jengelh.medozas.de/images/nf-packet-flow.png or .svg
Beautiful! Thanks,

Hi Jan,

In looking at the graph - do in ipsec packets and out ipsec packets hit the INPUT and OUTPUT chains even if the packet is being forwarded and is not really destined for the machine running iptables?

Thanks for taking the time to respond.

Steve

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)


