On Wed, Dec 11, 2002 at 04:02:07PM +0100, Andrea Rossato wrote: > Stephane Jourdois wrote: > >I would need to be able to modify the source ip on input GRE paquets. > >This is because I'm trying to setup a pptp tunnel, via a router that > >doesn't NAT correctly the GRE. > >The client receives GRE, but replies with it's own local ip, then my > >server cannot receive the answers... If I could just change the source > >ip on those paquets, that would be perfect... > > i don't know if I've got your problem correctly, also because I don't > know pptp too much (so, shut up, you'll say...;) no, no, I won't ;-) > if you want to match gre packets and change their source address (not > the source addr. of encapsulated packets) you should be able with > iptables -A POSTROUTING -t nat -p gre -j SNAT --to-source > new-grepacket-source-addr > this will match all outgoing (from the client) traffic using gre protocol. The problem is that I wan't to change the incoming traffic... What I would need is something similar to : -A PREROUTING -j SNAT --from-source xxx > but is this what you need? > where are the tunnel end points? the router has two tunnels connecting > the server and the client? the tunnel is between the router and the server? The server is My linux machine, on which I wan't to modify the GRE traffic, because I don't have access to the gateway of the client (a windows 2k, but that doesn't matter). > Instead, if you want to change source address of encasplulated packets, > that would be interesting... mmm No, they are not. Well, they are over IP ;-) Thanks for your help, anyway. -- /// Stephane Jourdois /"\ ASCII RIBBON CAMPAIGN \\\ ((( Ingénieur développement \ / AGAINST HTML MAIL ))) \\\ 6, av. George V X /// \\\ 75008 Paris / \ +33 6 8643 3085 ///
