2.6 IPSEC + SNAT


Hi:

I have received bug reports saying that SNAT does not work when the
packets have to be SNATed before they can enter an IPSEC tunnel
under the 2.6 IPSEC stack.

The problem is that SNAT can only be performed in POSTROUTING while
IPSEC policy lookups are done at the same time as the route lookup.

Has anyone else thought about this problem?

I have considered introducing a new NAT chain between filtering
and routing where you can place SNAT rules into.  Of course, the
same thing applies to reverse DNAT rules as well.

Any opinions on this would be appreciated.

Thanks,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
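
Added example, not part of the original post and not kernel code: a simplified Python model of the ordering described above, in which the IPsec policy lookup sees the packet before POSTROUTING SNAT rewrites its source, so a policy written for the translated address never matches. The addresses, rule tables and function names are constructed assumptions; `snat_before_routing=True` models the extra NAT chain the post proposes.

```python
"""Toy model of the output-path ordering from the post (not kernel code)."""
from ipaddress import ip_address, ip_network

# Constructed sample setup (assumptions, not taken from the original post).
# SNAT rule: packets from the internal LAN get source 10.0.0.1.
SNAT_RULES = [(ip_network("192.168.1.0/24"), ip_address("10.0.0.1"))]
# IPsec policy: tunnel traffic from the translated address to the remote net.
IPSEC_POLICIES = [(ip_network("10.0.0.1/32"), ip_network("10.0.9.0/24"))]


def policy_lookup(src, dst):
    """Return True if an IPsec policy selector matches (src, dst)."""
    return any(src in s and dst in d for s, d in IPSEC_POLICIES)


def snat(src):
    """Apply the first matching SNAT rule, else return src unchanged."""
    for net, new_src in SNAT_RULES:
        if src in net:
            return new_src
    return src


def send(src, dst, snat_before_routing):
    """Walk one packet through the model; return (wire_src, protected)."""
    src, dst = ip_address(src), ip_address(dst)
    if snat_before_routing:
        # Hypothetical extra chain between filtering and routing.
        src = snat(src)
    # Policy lookup happens together with the route lookup.
    protected = policy_lookup(src, dst)
    if not snat_before_routing:
        # Behaviour described in the post: SNAT only in POSTROUTING,
        # after the policy decision has already been made.
        src = snat(src)
    return str(src), protected


if __name__ == "__main__":
    # Same translated source on the wire, but only one case enters the tunnel.
    print("POSTROUTING SNAT  :", send("192.168.1.5", "10.0.9.7", False))
    print("SNAT before route :", send("192.168.1.5", "10.0.9.7", True))
```

In the first case the packet leaves with the translated source but without IPsec protection, which is the symptom worth checking for when auditing a gateway that combines NAT and tunnel policies.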