[Openswan Users] netkey nat problem
Paul Wouters
paul at xelerance.com
Thu Jan 21 23:37:56 EST 2010
On Thu, 21 Jan 2010, Michael H. Warfield wrote:
>> Shouldn't that be RETURN instead of ACCEPT? Perhaps the result is the same.
>
> Only if the default policy is ACCEPT in the POSTROUTING chain (iptables
> -t nat -P POSTROUTING {default policy}). RETURN exits the chain and
> returns to the previous chain unless it's one of the root chains, such
> as POSTROUTING in the nat table. If the default policy is ACCEPT, then
> RETURN will act the same as ACCEPT in the POSTROUTING chain. If the
> default policy is REJECT, then RETURN will act the same as REJECT. In
> most cases, the default default policy is ACCEPT and the result will be
> the same, but not all.
Ahh of course. Thank you for explaining that.
Paul
More information about the Users
mailing list