/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
Andre Henry <[EMAIL PROTECTED]> wrote:
>
> I have been searching the web with no luck. Is it possible to apply
> NAT before a local process, e.g. FreeSWAN?

FreeSWAN is not a local process. It is a kernel module, and therefore becomes part of your running OS, just like iptables. The processes you run in order to start up FreeSWAN are used for things like keeping state of connections and key exchanges, but they do not handle the packets that get encrypted and sent back and forth. That is done by the kernel itself.

In its simplest form, FreeSWAN's implementation creates a virtual network interface, such as "ipsec0". As far as iptables is concerned, this interface is no different from an "eth0" or a "ppp0" interface. Packets route in and out. The fact that they are encrypted and tunnelled to another network is unimportant to ipchains.

> What I find seems to say no because NAT is on the forward chain and if
> Freeswan runs on the NAT server then packets destined for Freeswan
> don't hit the forward chain.

All packets that forward from one interface to another (such as from eth0 to ppp0, or from ppp0 to ipsec0) will cross the forward chain. All of them.

NAT is not performed on the forward chain. It is performed on the prerouting chain of the nat table. The forward chain merely allows the traffic to proceed (or not).

Perhaps you should describe your setup, and what you are trying to do.

--
[EMAIL PROTECTED] (Fuzzy Fox)      || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
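The point of the reply is that FreeS/WAN's "ipsec0" is just another interface to the packet filter: forwarded packets cross FORWARD whichever interface they leave by, and NAT is decided in the nat table, not in FORWARD. As a concrete illustration, the following rule set (an added example for this page, not code posted by either participant) shows a gateway that runs FreeS/WAN and masquerades a LAN at the same time. In iptables, source NAT and MASQUERADE are applied in the nat table's POSTROUTING chain (destination NAT in PREROUTING), so the tunnel traffic is exempted there, ahead of the MASQUERADE rule, so that the inner addresses the IPsec policy expects are not rewritten. The interface names, subnets and peer address are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: iptables rules for a gateway that both runs FreeS/WAN and
# masquerades a LAN.  Interface names, subnets and PEER_IP are placeholders.
LAN_IF="${LAN_IF:-eth1}"                    # inside interface (assumed)
WAN_IF="${WAN_IF:-eth0}"                    # internet-facing interface (assumed)
IPSEC_IF="${IPSEC_IF:-ipsec0}"              # FreeS/WAN virtual interface on eth0
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # local subnet (assumed)
REMOTE_NET="${REMOTE_NET:-192.168.2.0/24}"  # subnet behind the IPsec peer (assumed)
PEER_IP="${PEER_IP:-203.0.113.5}"           # peer gateway, documentation address

# Emit the rules instead of applying them, so the set can be reviewed first.
# Run "sh thisfile --apply" as root to install them.
build_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
# IKE (UDP/500) and ESP (protocol 50) from the peer must reach this host's kernel.
iptables -A INPUT -i $WAN_IF -p udp -s $PEER_IP --dport 500 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p 50 -s $PEER_IP -j ACCEPT
# Everything forwarded between interfaces crosses FORWARD, ipsec0 included.
iptables -A FORWARD -i $LAN_IF -o $IPSEC_IF -s $LAN_NET -d $REMOTE_NET -j ACCEPT
iptables -A FORWARD -i $IPSEC_IF -o $LAN_IF -s $REMOTE_NET -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source NAT is decided in nat/POSTROUTING.  Exempt tunnel traffic first so the
# inner source address stays 192.168.1.x, then masquerade what leaves via eth0.
iptables -t nat -A POSTROUTING -s $LAN_NET -d $REMOTE_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# The exemption only works if it is listed before MASQUERADE; iptables evaluates
# a chain top to bottom and stops at the first terminating target.  Exit 0 when
# the generated POSTROUTING rules are in the right order.
check_order() {
    build_rules | grep -n 'POSTROUTING' | awk -F: '
        /-j ACCEPT/     { accept = $1 }
        /-j MASQUERADE/ { masq = $1 }
        END { exit !(accept > 0 && masq > accept) }'
}

if [ "${1:-}" = "--apply" ]; then
    build_rules | sh
else
    build_rules
fi
```

Restricting MASQUERADE to `-o eth0` already keeps it off packets that route into ipsec0, but the explicit exemption documents the intent and survives a later, broader MASQUERADE rule. The `check_order` function guards the ordering mistake that silently breaks the tunnel: an exemption placed after MASQUERADE never matches.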
