SNAT and IPSEC
daniel-wittenberg at starken.com
Wed Apr 13 18:08:43 CEST 2005
Couldn't he just SNAT the packets on his side when they become un-
encapsulated? I'm doing this on a couple of my vpn links.
On Tue, 2005-04-12 at 15:08 -0300, Eduardo Spremolla wrote:
> I have 2 local networks 10.2.2.0/24 and 10.37.130.0/24 interconnected by
> a ipsec tunnel running on kernel 2.6 native ipsec. So far so good.
> Now the admin of 10.37.130.0 wants me to NAT my network to 10.3.3.0
> because he had a ip conflict. I cant SNAT because when the packet goes
> to nat post it has been encapsulated in ESP and had the firewalls
> address, as you can see in the bottom log snipe.I try to use NETMAP in
> mangle PREROUTING, but it changes the dest ip , not the source.
> Is this possible?
> Thanks in advance for any clue.
More information about the netfilter