[strongSwan] Diagram
Brian O'Connor
vk4gtw at bigpond.com
Tue Oct 18 22:11:33 CEST 2016
Noel,
I note your last message clearly emphasised that packets from a local process are processed twice
via the output path of the graphic.
So, for forwarded traffic (as distinct from locally source packets), I understand the packet to
flow through the mangle and nat postrouting chains twice, and the other iptables
output chains for raw, mangle, nat and filter tables only once after encryption.
On the first pass through the mangle and nat postrouting chains, iptables rules would
operate on the unencrypted payload packet and on the second pass on the IP headers of
the encrypted IPsec packet.
Am I headed in the right direction please?
Brian
More information about the Users
mailing list