NAT before IPsec with 2.6
Henrik Nordstrom
hno@marasystems.com
Fri, 23 Jan 2004 15:24:19 +0100 (CET)
On Fri, 23 Jan 2004, Michal Ludvig wrote:
> I.e. the postrouting on the unencrypted packet is really called right
> before it gets encrypted. And the encrypted packet then hits the
> POSTROUTING again, but it's already a different packet, actually.
My issue is with packets not destinated for an IPSec tunnel.. from what I
read your patch these will hit POSTROUTING twice. But maybe I misread your
patch?
Regards
Henrik