[Openswan Users] Forward decrypted traffic with NETKEY
davor krabse
davorkk at hotmail.com
Sat Jun 9 15:47:19 EDT 2007
>Yes, Peter is right INCOMING tunnel packets flow twice through netfilter.
>I'm using iptables mangling on IPSec traffic without problems on prerouting
>chain. Check iptables counters with iptables -L -vn and iptables -L -vn -t
>nat if your rules get hit. You can try
I used the following commands:
iptables -t mangle -A PREROUTING -p esp -j MARK --set-mark 1
iptables -t nat -A PREROUTING -m mark --mark 1 -p udp --dport 1701 -j DNAT --to 192.168.147.11
but with:
iptables -L -vn -t nat
iptables -L -vn -t mangle
the number of packets and bytes is 0, although the IPsec connection between the client and
the Linux VPN server is established.
Davor