Re: Openswan, iptables (fiaif) and 2.6.16 kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 2.6.16 does a second policy lookup after SNAT, you probably SNAT
> the packets to an address that doesn't match the policy anymore.

Could you please give pointers where is it documented? All documents I have 
suggest that SNAT is done as the last step, so any rule should use real and 
not SNAT'ed address.

Thank you

Andrey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEQSWUR6LMutpd94wRAtJ0AJ45p5p54hDdyyjBPWejRtlr+DoNdQCgy1/3
H2MtVmha+rE6vRxzkdSrrI8=
=RHjq
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: Re: Direct writing to the IDE on panic?
• Next by Date: [PATCH] parport_pc: fix section mismatch warnings (v2)
• Previous by thread: Re: Openswan, iptables (fiaif) and 2.6.16 kernel
• Next by thread: Linux with CAN over SPI
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]