On Thu, Nov 17, 2005 at 09:39:58PM +0100, Charles-Edouard Ruault wrote:
>
> I just realized I had forgotten to flush my nat tables :( when I
> reported it did not change.
> I just tried again and I was able to pinpoint that nat is indeed the
> problem.
> I can have all my other netfilter rules and IPSEC works. When I set the
> nat rule (a simple iptables -A POSTROUTING -o eth1 -j MASQUERADE),

Aha, this is actually expected. Applying SNAT to IPsec at the moment
produces undefined results. If you really need it, you should apply
Patrick McHardy's netfilter IPsec patches which can be found on
patch-o-matic.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt