[Openswan Users] netkey nat problem

Paul Wouters paul at xelerance.com
Thu Jan 21 23:37:56 EST 2010

On Thu, 21 Jan 2010, Michael H. Warfield wrote:

>> Shouldn't that be RETURN instead of ACCEPT? Perhaps the result is the same.
> Only if the default policy is ACCEPT in the POSTROUTING chain (iptables
> -t nat -P POSTROUTING {default policy}).  RETURN exits the chain and
> returns to the previous chain unless it's one of the root chains, such
> as POSTROUTING in the nat table.  If the default policy is ACCEPT, then
> RETURN will act the same as ACCEPT in the POSTROUTING chain.  If the
> default policy is REJECT, then RETURN will act the same as REJECT.  In
> most cases, the default default policy is ACCEPT and the result will be
> the same, but not all.

Ahh of course. Thank you for explaining that.


More information about the Users mailing list