ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> > ip daddr 179.x.x.x tcp dport 61023 dnat to 172.25.120.2
> > (it's not clear to me if you actually want daddr or
> > ip saddr 179.x.x.x/8 tcp dport 61023 dnat to 172.25.120.2).
>
> ip daddr 179.x.x.x udp dport 61023 dnat to 172.25.120.2 -> does it
>
> Now being excited that it is working I was getting adventurous and tried the
> routing decision earlier at the raw level
>
> table raw {
>     chain prerouting {
>         type filter hook prerouting priority -300;
>         ip daddr 179.x.x.x udp dport 61023 ip daddr set 172.25.120.2
>     }
> }
>
> Basically the first vpn TLS packet gets through |TLS: new session incoming
> connection from| but then the vpn stops dead in its tracks. Suppose that is
> because raw is still stateless?

Yes, it's stateless so reverse direction isn't translated.

You can of course do this manually but icmp path mtu messages won't be
translated either.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
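The two approaches discussed in the thread, written out side by side as an added example (not configuration from either poster); the public address 192.0.2.10 is a constructed stand-in for the redacted 179.x.x.x, and 172.25.120.2 and port 61023 are taken from the thread.

```nft
# Stateful DNAT (the rule that worked): conntrack records the mapping
# when the first packet creates the flow, so replies from 172.25.120.2
# are un-translated automatically, and ICMP errors such as
# "fragmentation needed" are translated along with the flow.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        ip daddr 192.0.2.10 udp dport 61023 dnat to 172.25.120.2
    }
}

# Stateless rewrite in the raw table (the variant that stalled the VPN):
# a raw chain at priority -300 runs ahead of conntrack at -200, so the
# flow is tracked with the already-rewritten address and nothing maps
# replies back. Doing it "manually", as the reply puts it, means adding
# the reverse rewrite yourself on the postrouting hook. Neither rule
# touches ICMP errors that quote the original header, so path MTU
# discovery can still fail; that is the caveat the reply raises.
table ip raw {
    chain prerouting {
        type filter hook prerouting priority -300;
        ip daddr 192.0.2.10 udp dport 61023 ip daddr set 172.25.120.2
    }
    chain postrouting {
        type filter hook postrouting priority -300;
        ip saddr 172.25.120.2 udp sport 61023 ip saddr set 192.0.2.10
    }
}
```

Load with `nft -f <file>`, keeping only one of the two tables active while testing so the stateful and stateless rewrites do not act on the same flow.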