Hi, For a peculiar VPN address management scenario, I want to change source address of incoming packet destined for the box (inner IP packet in the IPsec tunnel terminated on the box) to a certain value. With iptables, SNAT can be configured only for POSTROUTING chain which won't be hit in this case as the packet is destined for the box. One option is to add a NFQUEUE rule in INPUT chain to queue interesting packets to user-space, change the source address from user-space and re-insert the packet in rx path. I want to avoid using this approach if possible because of the inenvitable degradation in data rate because of the trip to user-space, over-head of managing the user-space program, etc. Is there any other way in which this can be achieved? Googling showed an old thread which discusses similar issue.. looks like at that time there was no other way to achieve this. Does it still hold good? http://lists.netfilter.org/pipermail/netfilter-devel/2001-March/000717.html Thanks in advance Regards Ajay -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
