Re: SNAT and IPSEC

Are these patches incorporated in some iptables version so far?

I'm running 1.2.9-2.3.1 now, and do not have a development environment on
that box, as a security measure.

Thanks to everybody who replied so far.

LALO

On Thu, 2005-04-14 at 16:03 +0200, Daniel Lopes wrote:
> Michael Muenz wrote:
> > Hi,
> > 
> > 
> >>"Eduardo Spremolla" <edspremolla@xxxxxxxxxxxx> wrote in
> >>news post news:1113393681.4244.3.camel@xxxxxxxxxxxxxxxxxxxxxxx
> >>Yes, the OpenSwan is much more clear, you have the packet with the
> >>original IP in the nat post chain to the tunn0 device.
> > 
> > 
> >>Is there any chance to apply NETMAP to the source
> >>IP on PREROUTING?
> > 
> > 
> > I never used NETMAP but this is from the description:
> > It can be applied to the PREROUTING chain to alter the destination of
> > incoming connections, to the POSTROUTING chain to alter the source 
> > of outgoing connections, or both (with separate rules).
> > 
> > You want to alter the source (10.2.2.0/24) and that's an outgoing conn.
> > (Of course vice versa) ..
> > 
> > So perhaps this will work:
> > iptables -t nat -A POSTROUTING -s 10.2.2.0/24 -d 10.37.130.0/24 \
> >    -j NETMAP --to 10.3.3.0/24
> > iptables -t nat -A PREROUTING -s 10.37.130.0/24 -d 10.3.3.0/24 \
> >    -j NETMAP --to 10.2.2.0/24
> > 
> > - Michael
> > 
> > 
> > 
> > 
> No, it won't, that's the problem, because with native IPSec the packets
> only pass the chains once (without the patches). So they arrive tunnel
> encapsulated at the POSTROUTING chain. But with the patches it would
> probably work.
> 
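
A small model of the two NETMAP rules quoted above, added here as an illustration and not code from the thread or from netfilter. It shows the 1:1 mapping and why the POSTROUTING rule never matches when the hook sees only the tunnel's outer header, as Daniel describes; the host and gateway addresses are constructed.

```python
# Added example: a toy model of the thread's two NETMAP rules, not netfilter code.
from ipaddress import ip_address, ip_network

def netmap(addr, to_net):
    """NETMAP: take the network bits from to_net, keep the host bits of addr."""
    to_net = ip_network(to_net)
    host_bits = int(ip_address(addr)) & int(to_net.hostmask)
    return str(ip_address(int(to_net.network_address) | host_bits))

# (chain, -s, -d, --to) exactly as in Michael's two rules
RULES = [
    ("POSTROUTING", "10.2.2.0/24", "10.37.130.0/24", "10.3.3.0/24"),
    ("PREROUTING", "10.37.130.0/24", "10.3.3.0/24", "10.2.2.0/24"),
]

def nat_hook(chain, src, dst):
    """Apply the first matching rule for this chain to the header the hook sees."""
    for rule_chain, s, d, to in RULES:
        if (rule_chain == chain and ip_address(src) in ip_network(s)
                and ip_address(dst) in ip_network(d)):
            # POSTROUTING rewrites the source, PREROUTING the destination
            if chain == "POSTROUTING":
                return netmap(src, to), dst
            return src, netmap(dst, to)
    return src, dst  # no rule matched: header left unchanged

# Constructed addresses: inner hosts inside the thread's subnets, tunnel
# endpoints taken from documentation ranges (assumed, not from the thread).
INNER = ("10.2.2.17", "10.37.130.5")
OUTER = ("192.0.2.1", "198.51.100.1")

def seen_plain():
    """Hook sees the original inner header (the OpenSwan or patched case)."""
    return nat_hook("POSTROUTING", *INNER)

def seen_encapsulated():
    """Hook sees only the outer tunnel header (native IPSec without the patches)."""
    return nat_hook("POSTROUTING", *OUTER)

def reply_path():
    """Return traffic addressed to the mapped source is mapped back."""
    return nat_hook("PREROUTING", "10.37.130.5", "10.3.3.17")

if __name__ == "__main__":
    print(seen_plain(), seen_encapsulated(), reply_path())
```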




