On Sat, 2003-09-20 at 20:04, Martin Josefsson wrote: > Gah, I hoped we had fixed all these problems. Getting all the > corner-cases right isn't as easy as one thinks when we perform multiple > translations. :-) > Is the NAT-rules on the machine that has the tunnel? If they are that > might explain a thing or two since the code looks correct for the case > where the packets pass through and another machine down the pipe sends > the icmp message back. Yes - all of this is on one machine. One interface has the effective listening port on it, another interface of the same box has the ipsec0 interface layered on top. Nigel. -- [ Nigel Metheringham Nigel.Metheringham@xxxxxxxxxxxxxxxxxx ] [ - Comments in this message are my own and not ITO opinion/policy - ]
