I note your last message clearly emphasised that packets from a local process
are processed twice
via the output path of the graphic.
So, for forwarded traffic (as distinct from locally source packets), I
understand the packet to
flow through the mangle and nat postrouting chains twice, and the other iptables
output chains for raw, mangle, nat and filter tables only once after encryption.
On the first pass through the mangle and nat postrouting chains, iptables rules
operate on the unencrypted payload packet and on the second pass on the IP
the encrypted IPsec packet.
Am I headed in the right direction please?
Users mailing list