On Wednesday 2008-07-16 19:19, Grant Taylor wrote:

> On 07/16/08 11:54, Jan Engelhardt wrote:
>> iptables -t nat -A POSTROUTING -m policy --dir out --mode tunnel --tunnel-dst
>> <realip of vendor> -j NETMAP --to 192.168.101.0/24
>> iptables -t nat -A PREROUTING -m policy --dir in --mode tunnel
>> --tunnel-src <realip of vendor> -j NETMAP --to 192.168.10.0/24
>
> How does this take into account that there is very likely an IP
> address conflict between the local side of the VPN and the remote
> side of the VPN? I'm very much afraid that the local server will
> just try to talk to a local IP thinking that it is replying
> directly back to the original client.

Packets already destined for the tunnel (see first rule) are not
rerouted, because, well, it's POSTrouting.
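The translation the two quoted rules perform, as an added example that is not part of the original thread: a small stateless model of NETMAP's host-bit-preserving 1:1 mapping and of the policy match, with the vendor's inner subnet 10.99.0.0/24 as a constructed placeholder. In the kernel, replies to connections the first rule translated are reversed by conntrack and the second rule covers vendor-initiated connections; here both directions are modelled explicitly to show that a reply to the 192.168.101.x alias lands back on the originating 192.168.10.x host, while local-to-local traffic never matches.

```python
import ipaddress

# Constructed values (not from the thread): LOCAL_NET and ALIAS_NET are read off
# the two NETMAP rules quoted above; the vendor's subnet is a placeholder.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
ALIAS_NET = ipaddress.ip_network("192.168.101.0/24")
VENDOR_NET = ipaddress.ip_network("10.99.0.0/24")  # assumed placeholder


def netmap(addr: str, to_net: ipaddress.IPv4Network) -> str:
    """Static 1:1 NETMAP: keep the host bits of addr, replace the network
    bits with those of to_net (its prefix length decides the split)."""
    host_mask = (1 << (32 - to_net.prefixlen)) - 1
    host_part = int(ipaddress.ip_address(addr)) & host_mask
    return str(ipaddress.ip_address(int(to_net.network_address) | host_part))


def goes_through_tunnel(dst: str) -> bool:
    """Stand-in for '-m policy --dir out --mode tunnel': only traffic routed
    to the vendor's subnet is covered by the IPsec policy."""
    return ipaddress.ip_address(dst) in VENDOR_NET


def postrouting_out(src: str, dst: str) -> tuple:
    """nat/POSTROUTING: for packets leaving through the tunnel NETMAP rewrites
    the source, so the vendor sees 192.168.101.x, never 192.168.10.x.
    Local-to-local traffic does not match the policy and is left alone."""
    if goes_through_tunnel(dst):
        return netmap(src, ALIAS_NET), dst
    return src, dst


def prerouting_in(src: str, dst: str) -> tuple:
    """nat/PREROUTING: for packets arriving from the tunnel ('--dir in')
    NETMAP rewrites the destination back into the real local LAN."""
    if ipaddress.ip_address(src) in VENDOR_NET:
        return src, netmap(dst, LOCAL_NET)
    return src, dst


def round_trip(local_host: str, vendor_host: str) -> dict:
    """Request out through the tunnel and the vendor's reply back in."""
    out_src, out_dst = postrouting_out(local_host, vendor_host)
    # The vendor answers the address it saw, i.e. the 192.168.101.x alias.
    in_src, in_dst = prerouting_in(vendor_host, out_src)
    return {"vendor_sees_src": out_src, "reply_delivered_to": in_dst,
            "matches_origin": in_dst == local_host}
```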