Hello,
Rephrasing the question from my earlier explorations of NAT, Opportunism, and
Freeswan: Is there any possible way to do packet mangling of the source address
on the same machine on the outgoing packet AFTER it has been through the IPSEC
code? It seems that iptables is only applied before KLIPS does its work on the
outgoing packet. I am well aware that packet mangling wreaks havoc with IPSEC
under many circumstances (for instance, it would be dumb to use anything besides
ESP tunnel mode), but I would like to do this so that my outgoing packets would
be limited to using just the internal address as the source address. (To get
Freeswan to work, I have to mangle packets to use the external address for their
source. This means packets leave with the external address.)
Does anybody have any good suggestions as to how I could do this? Or am I pretty
much without hope here? Thanks in advance for your help.
Yours,
Jake
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST