[Openswan Users] DNAT and ipsec?

Harald Scharf h.scharf at nestec.at
Sat Mar 17 06:37:20 EDT 2007


Hi,

What is the kernel release, you have in use?

regards

harald 

-----Ursprüngliche Nachricht-----
Von: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Im Auftrag von Wappie MD
Gesendet: Samstag, 17. März 2007 09:56
An: users at openswan.org
Betreff: [Openswan Users] DNAT and ipsec?

Hi,
I have a question and was wondering if anyone can confirm this.
I'm DNAT-ting packets from 10.47.0.0 to 10.37.0.0 in iptables.
Also: my leftsubnet in ipsec.conf is:
leftsubnet=10.47.0.0/16

I've been looking through my iptables logging and have found that packets arrive on PREROUTING in iptables. After that they dissappear from iptables altogether. I can't find them anymore on either FORWARD or INPUT.

Is this intended behaviour? Is there any setting i can use in ipsec.conf to prevent this from happening? I'm using NETKEY.

thanks heaps for input,
Muha
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



NESTEC - Die IT Security & Messaging Distribution mit Persönlichkeit
GFi Software - BitDefender - NOD32 - BRICKS ISS - pdfMachine
2X Terminal & ThinClient Solutions -Accunetix
Besuchen sie uns: www.nestec.at




More information about the Users mailing list