Re: Openswan, iptables (fiaif) and 2.6.16 kernel

From: Andrey Borzenkov
Date: Sat Apr 15 2006 - 12:56:22 EST


> 2.6.16 does a second policy lookup after SNAT, you probably SNAT
> the packets to an address that doesn't match the policy anymore.

Could you please give pointers to where it is documented? All documents I have
suggest that SNAT is done as the last step, so any rule should use the real and
not the SNAT'ed address.

Thank you

Andrey