On Friday 2013-01-11 20:21, Bharath Kumar wrote:
>I have a scenario where I need to redirect all the traffic (destined to
>various hosts on the rightsubnet) coming in via the ESP tunnel to be
>redirected to a local squid proxy. Without the IPSec/ESP, the approach would
>have been to do a DNAT in the PREROUTING chain of IPTables. That doesn't
>apply for ESP case because the actual IP packet is encapsulated/encrypted.

After decapsulation, packets reenter the packet filter. Hence, something like

    -A PREROUTING -m policy --dir in --pol ipsec -p tcp --dport 80 ... ... -j TPROXY --on-port 3128
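Added example, not part of the original reply: the TPROXY rule from the message together with the policy routing that TPROXY needs to deliver the diverted packets to a local socket. The mark 0x1, routing table 100 and the DIVERT chain name are assumptions, not values from this thread; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# TPROXY interception of traffic that arrived through an IPsec policy.
PROXY_PORT=3128   # Squid port named in the reply
MARK=0x1          # assumption: any otherwise unused fwmark
TABLE=100         # assumption: any otherwise unused routing table

# Dry run by default: print each command. APPLY=1 (as root) executes them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_tproxy() {
    # Marked packets are delivered locally whatever their destination address.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"

    # Packets of connections the proxy already holds a socket for:
    # mark them and skip the TPROXY rule.
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -m policy --dir in --pol ipsec \
        -p tcp -m socket -j DIVERT

    # New port-80 connections that were decapsulated from ESP
    # (matched by the inbound IPsec policy): hand them to the proxy.
    run iptables -t mangle -A PREROUTING -m policy --dir in --pol ipsec \
        -p tcp --dport 80 -j TPROXY \
        --on-port "$PROXY_PORT" --tproxy-mark "$MARK/$MARK"
}

# Squid side (squid.conf): http_port 3128 tproxy
setup_tproxy
```

TPROXY is only valid in the mangle table, and plain HTTP from hosts outside the tunnel is left alone because it does not match `--pol ipsec`.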
