Ipsec and PREROUTING

Hi everybody,
I'm trying to configure a box with Linux kernel 2.6 native ipsec, that
now works as a firewall with SNAT.

My internal network is 10.1.1.0/24, but the ipsec tunnel needs to see part
of it as 10.2.1.0/24, so my question is:

Once the ipsec packets are decrypted, they come in again from eth1, which is
my external interface. They were marked in mangle PREROUTING to let them
in, but do they pass again through filter PREROUTING in order to be
DNATed?

Another question: is there any debug tool that allows sniffing
packets as they traverse the different tables? Like tcpdump at the point
between PREROUTING and FORWARD.


Many thanks in advance.

LALO  

