Daniel Lopes lopsch at
Tue Apr 12 21:11:27 CEST 2005

Eduardo Spremolla wrote:
> I have 2 local networks and interconnected by
> an IPsec tunnel running on kernel 2.6 native IPsec. So far so good.
> Now the admin of wants me to NAT my network to
> because he had an IP conflict. I can't SNAT because when the packet goes
> to nat post it has been encapsulated in ESP and has the firewall's
> address, as you can see in the bottom log snippet. I tried to use NETMAP in
> mangle PREROUTING, but it changes the dest IP, not the source.
> Is this possible?
> Thanks in advance for any clue.
According to, besides I don't
really know how and when NETMAP interacts, it should work if you use an
interface for IPsec like the alternative IPsec stack implemented by
FreeS/WAN. For the native stack I don't know if it will work; you will
need to know exactly when it interacts. It will probably only work when
implemented directly in the IPsec stack.
