[Openswan Users] Forward decrypted traffic with NETKEY

Administrator admin at different-perspectives.com
Fri Jun 8 13:29:39 EDT 2007


> >
> > iptables -t mangle -A PREROUTING -p esp -j MARK --set-mark 1
> > iptables -t nat -A PREROUTING -m mark --mark 1 -p udp --dport 1701 -j DNAT --to localWin2K3
> >
>
> Looks good, do you get any errors when you input them?
> Is iptables mark enabled in your kernel?
> Is localWin2K3 a hostname or ip address?
> If it is a hostname, it must be in /etc/hosts, because iptables runs before DNS.

I would think this is never going to work, as the only packets marked will
have ESP protocol, and the DNAT will only match marked packets with UDP
protocol.

Or have I misunderstood the syntax?
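As an added example (not part of the mailing list thread), the script below checks the internal consistency of a rule set like the one quoted above by parsing `iptables-save` output: it extracts the mark that mangle PREROUTING sets on ESP packets, finds the nat PREROUTING DNAT rule for UDP 1701, and reports whether the two mark values agree and whether the DNAT target is an IP literal rather than a hostname (the point raised in the quoted reply). The `iptables-save` text is constructed for the example; `192.0.2.10` and `localWin2K3` are placeholder targets. The script does not settle the question raised in the reply about whether the mark survives decryption; it only verifies that the rules as written refer to the same mark and a resolvable target.

```python
import ipaddress
import re

# Constructed iptables-save output (not from the thread): the two rules discussed,
# as the kernel would report them after loading.
SAMPLE_OK = """\
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p esp -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m mark --mark 0x1 -m udp --dport 1701 -j DNAT --to-destination 192.0.2.10
COMMIT
"""

# Constructed variant with two of the mistakes a reviewer would look for:
# the nat rule matches a different mark, and the DNAT target is a hostname.
SAMPLE_BAD = """\
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p esp -j MARK --set-mark 2
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m mark --mark 1 -p udp --dport 1701 -j DNAT --to localWin2K3
COMMIT
"""

MARK_VALUE = r"(0x[0-9a-fA-F]+|\d+)"


def parse_tables(save_text):
    """Split iptables-save output into {table_name: [append rules]}."""
    tables, current = {}, None
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif line == "COMMIT":
            current = None
        elif current is not None and line.startswith("-A "):
            tables[current].append(line)
    return tables


def esp_mark(mangle_rules):
    """Mark value applied to ESP packets in mangle PREROUTING, or None if absent."""
    for rule in mangle_rules:
        if "-A PREROUTING" in rule and "-p esp" in rule and "-j MARK" in rule:
            m = re.search(r"--set-x?mark\s+" + MARK_VALUE, rule)
            if m:
                return int(m.group(1), 0)  # accepts both 0x1 and 1
    return None


def l2tp_dnat(nat_rules, port=1701):
    """(mark matched, DNAT target) of the nat PREROUTING rule for UDP <port>."""
    for rule in nat_rules:
        if "-A PREROUTING" not in rule or "-j DNAT" not in rule or "-p udp" not in rule:
            continue
        if not re.search(r"--dport\s+%d\b" % port, rule):
            continue
        mark = re.search(r"-m mark --mark\s+" + MARK_VALUE, rule)
        dest = re.search(r"--to(?:-destination)?\s+(\S+)", rule)
        return (int(mark.group(1), 0) if mark else None,
                dest.group(1) if dest else None)
    return (None, None)


def is_ip_literal(target):
    """True if the DNAT target (optionally with :port) is an IP address, not a hostname."""
    if not target:
        return False
    host = target.split(":")[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check(save_text):
    """Summarise whether the ESP-mark and L2TP-DNAT rules fit together."""
    tables = parse_tables(save_text)
    em = esp_mark(tables.get("mangle", []))
    dm, dest = l2tp_dnat(tables.get("nat", []))
    return {
        "esp_mark": em,
        "dnat_mark": dm,
        "dnat_target": dest,
        "marks_match": em is not None and em == dm,
        "target_is_ip": is_ip_literal(dest),
    }


if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check(text))
```

Feed it real output with `iptables-save | python3 check_rules.py` after replacing the samples with `sys.stdin.read()`; a `marks_match` of False means the DNAT rule can never fire regardless of how the stack handles the mark, and `target_is_ip` False flags a hostname that iptables has to resolve at rule-load time.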
