RUMI Szabolcs wrote:
> iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -d 164.99.192.0/22 -j SNAT --to-source 164.99.195.8
>
> The IP address in --to-source 164.99.195.8 is the one that was
> dynamically allocated by the remote corporate VPN concentrator
> (not under my control) at the time I've tested the setup.
>
> I cannot make an iproute2 dump because I'm using the oldskool

which ike/ipsec implementation are you using?

> and goes through iptables and gets NATed in the POSTROUTING
> chain it goes straight out to eth0 and it does not get
> reevaluated whether it should be handled by IPsec.

mhhh which kernel version?