Re: SNAT and IPSEC

Eduardo Spremolla wrote:
I have 2 local networks 10.2.2.0/24 and 10.37.130.0/24 interconnected by
an ipsec tunnel running on kernel 2.6 native ipsec. So far so good.

Now the admin of 10.37.130.0 wants me to NAT my network to 10.3.3.0
because he had an ip conflict. I can't SNAT because when the packet goes
to nat post it has been encapsulated in ESP and has the firewall's
address, as you can see in the bottom log snippet. I tried to use NETMAP in
mangle PREROUTING, but it changes the dest ip, not the source.

Is this possible?

Thanks in advance for any clue.

LALO

According to http://www.shorewall.net/netmap.html, although I don't really know how and when NETMAP interacts, it should work if you use an interface for IPSec, like the alternative IPSec stack implemented by FreeS/WAN. For the native stack I don't know if it will work; you will need to know exactly when it interacts. It will probably only work when implemented directly into the IPSec stack.


