Hello, Sorry if this is a basic question. I've googled but can't figure out if SNAT should work or not. To connect from home to my office I've to use IPSEC. To have full access to my company's network I've to SNAT all packets to a certain IP address. I did this with an iptables rule like : iptables -t nat -A POSTROUTING -d x.y.0.0/16 -j SNAT --to-source 172.a.b.c where x.y.0.0 is the class B network of my company's network, and 172.a.b.c is an IP address routed in this company's network. Now what is working and what is not : At home on the same box, I've SuSE 9.2 and SuSE 9.3. (Note with both, I use the same ipsec.conf file) 1/ SuSE 9.2 is based on kernel 2.6.8 + 4 netfilter/ipsec patches. When I establish the IPSEC tunnel, everything works. No problem. 2/ SuSE 9.3 is based on kernel 2.6.11 + 4 netfilter/ipsec patches. With this, I have no problem to establish the IPSEC tunnel, but I can't do anything. If I ping x.y.1.1 here is what tcpdump shows : 09:33:09.555732 IP 192.168.1.100 > 194.t.u.v : ESP(spi=0x03dbfaed,seq=0x2b) 09:33:09.629801 IP 194.t.u.v > 192.168.1.100: ESP(spi=0xce9c61eb,seq=0x2b) 09:33:09.629801 IP x.y.1.1 > 172.a.b.c: icmp 64: echo reply seq 14 09:33:09.629801 IP x.y.1.1 > 172.a.b.c: icmp 64: echo reply seq 14 192.168.1.100 is the local IP address of the SuSE box. 194.t.u.v is the public address of the IPSEC gateway of the company x.y.1.1 is an internal host in company's network 172.a.b.c is the IP address that I've to use to have full access in company's network. As you can see ping replies are coming to the SuSE box, but they are not passed to the ping application which indicates 100% packet loss. With SuSE 9.2, the tcpdump shows exactly the same packets, but it works. I've compiled 2.6.11.7 from kernel.org + 4 netfilter/ipsec patches. It gives same failed result : IPSEC tunnel ok but nothing works. Is it a known problem or have I missed something ? Thanks for your help Rgds / AS
