On Mon, 19 May 2025 06:39:06 +0000
Reinhard Vicinus via Shorewall-users

> I am confused, why I do not see packages with source 10.191.2.229
> going out eth0.1903 in the tcpdump output and why the trace ends with
> the nat:10.191.2.229:rule line. Has someone an idea what I am doing
> wrong or how I can debug the issue further?

That is likely because tcpdump doesn't see outgoing encrypted packets. So for inbound you see ESP and then the decrypted packet - so you see the same packet "twice" - for outbound you see the packet before the tunnel but you don't see the packet after it has been encrypted.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>