Eduardo Spremolla wrote:
I have 2 local networks 10.2.2.0/24 and 10.37.130.0/24 interconnected by
an ipsec tunnel running on kernel 2.6 native ipsec. So far so good.
Now the admin of 10.37.130.0 wants me to NAT my network to 10.3.3.0
because he had an IP conflict. I can't SNAT because when the packet goes
to nat post it has been encapsulated in ESP and has the firewall's
address, as you can see in the bottom log snippet. I tried to use NETMAP in
mangle PREROUTING, but it changes the dest IP, not the source.
Is this possible?
Thanks in advance for any clue.
LALO
According to http://www.shorewall.net/netmap.html, although I don't
really know how and when NETMAP interacts, it should work if you use an
interface for IPSec like the alternative IPSec stack implemented by
FreeS/WAN. For the native stack I don't know if it will work; you will
need to know exactly when it interacts. It will probably only work when
implemented directly into the IPSec stack.