SNAT and IPSEC

Eduardo Spremolla edspremolla at antel.com.uy
Wed Apr 13 19:29:11 CEST 2005


That could be the easy way ;-)

LALO

On Wed, 2005-04-13 at 11:08 -0500, Daniel Wittenberg wrote:
> Couldn't he just SNAT the packets on his side when they become un-
> encapsulated?  I'm doing this on a couple of my vpn links.
> 
> Dan
> 
> On Tue, 2005-04-12 at 15:08 -0300, Eduardo Spremolla wrote:
> > I have 2 local networks 10.2.2.0/24 and 10.37.130.0/24 interconnected by
> > a ipsec tunnel running on kernel 2.6 native ipsec. So far so good.
> > 
> > Now the admin of 10.37.130.0 wants me to NAT my network to 10.3.3.0
> > because he had a ip conflict. I cant SNAT because when the packet goes
> > to nat post it has been encapsulated in ESP and had the firewalls
> > address, as you can see in the bottom log snipe.I try to use NETMAP in
> > mangle PREROUTING, but it changes the dest ip , not the source.
> > 
> > Is this possible?
> > 
> > Thanks in advance for any clue.
> > 
> > LALO
> 
> 


Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información.
. . . . . . . . .
This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy.



More information about the netfilter mailing list