Ipsec and PREROUTING

Eduardo Spremolla edspremolla at antel.com.uy
Thu Apr 7 14:08:26 CEST 2005


Hi everybody,
I'm trying to configure a box with Linux kernel 2.6 native ipsec, that
now works as a firewall with SNAT.

My internal network is 10.1.1.0/24, but the ipsec tunnel needs to see part
of it as 10.2.1.0/24, so my question is:

Once the ipsec packets are decrypted they come in again from eth1, which is
my external interface. They were marked in mangle PREROUTING to let them
in, but do they pass again through filter PREROUTING in order to be
DNATed?

Another question: is there any debug tool that allows sniffing
packets as they traverse the different tables? Like tcpdump at the point
between PREROUTING and FORWARD.


Many thanks in advance.

LALO  


