Re: Openswan, iptables (fiaif) and 2.6.16 kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 2.6.16 does a second policy lookup after SNAT, you probably SNAT
> the packets to an address that doesn't match the policy anymore.

Could you please give pointers where is it documented? All documents I have 
suggest that SNAT is done as the last step, so any rule should use real and 
not SNAT'ed address.

Thank you

Andrey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEQSWUR6LMutpd94wRAtJ0AJ45p5p54hDdyyjBPWejRtlr+DoNdQCgy1/3
H2MtVmha+rE6vRxzkdSrrI8=
=RHjq
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Prev by Date: Re: Direct writing to the IDE on panic?
Next by Date: [PATCH] parport_pc: fix section mismatch warnings (v2)
Previous by thread: Re: Openswan, iptables (fiaif) and 2.6.16 kernel
Next by thread: Linux with CAN over SPI
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]