I note your last message clearly emphasised that packets from a local process 
are processed twice
via the output path of the graphic.

So, for forwarded traffic (as distinct from locally source packets), I 
understand the packet to
flow through the mangle and nat postrouting chains twice, and the other iptables
output chains for raw, mangle, nat and filter tables only once after encryption.

On the first pass through the mangle and nat postrouting chains, iptables rules 
operate on the unencrypted payload packet and on the second pass on the IP 
headers of
the encrypted IPsec packet.

Am I headed in the right direction please?


Users mailing list

Reply via email to