How can I know if the patches are in my version: kernel 2.6.10-1.771_FC2 iptables 1.2.9-2.3.1 ipsec-tools 0.5-2.fc2 I will test it. I did not set the POSTROUTING SNAT rule, since I understand make no sense in the ESP packet. Thanks for the clue. LALO On Wed, 2005-04-13 at 10:58 -0400, Jason Opperisano wrote: > On Tue, Apr 12, 2005 at 03:08:12PM -0300, Eduardo Spremolla wrote: > > I have 2 local networks 10.2.2.0/24 and 10.37.130.0/24 interconnected by > > a ipsec tunnel running on kernel 2.6 native ipsec. So far so good. > > > > Now the admin of 10.37.130.0 wants me to NAT my network to 10.3.3.0 > > because he had a ip conflict. I cant SNAT because when the packet goes > > to nat post it has been encapsulated in ESP and had the firewalls > > address, as you can see in the bottom log snipe.I try to use NETMAP in > > mangle PREROUTING, but it changes the dest ip , not the source. > > > > Is this possible? > > > > Thanks in advance for any clue. > > dunno if this will help or not; as i have lost my test lab, but have you > applied the ipsec patches from PoM: > > ipsec-01-output-hooks > ipsec-02-input-hooks > ipsec-03-policy-lookup > ipsec-04-policy-checks > > it is my understanding that these patches make packets traverse the > netfilter hooks twice: once clear, and again encrypted. > > -j > > -- > "Peter: I call it... Petoria. I was going to call it Peterland, > but that gay bar by the airport took it." > --Family Guy > Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. . . . . . . . . . This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy.