[CentOS] ipsec nat issue

Sat Oct 13 22:04:03 UTC 2012
Steve Clark <sclark at netwolves.com>


I have the following setup on linux 2.6.32... CentOS 6.x :

ipsec tunnel eth0- - eth1-pub add1 <-> eth1-pub add2 -

I am trying to SNAT remote private address packets when they come out of the
ipsec tunnel, to make it appear like they came from the local address. I am
doing a source ping (ping -I) from the right side to a device on the left
subnet, but it doesn't work - see below.

iptables -t nat -I POSTROUTING -o eth0 -s -d -j SNAT --to-source

Chain POSTROUTING (policy ACCEPT 6 packets, 456 bytes)
   pkts bytes target     prot opt in     out     source               destination
      0     0 SNAT       all  --  *      eth0

$ sudo tcpdump -nli eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:20:17.772396 IP > ICMP echo request, id 52588, seq 62, length 64
15:20:18.777272 IP > ICMP echo request, id 52588, seq 63, length 64
15:20:19.772572 IP > ICMP echo request, id 52588, seq 64, length 64
15:20:20.770681 IP > ICMP echo request, id 52588, seq 65, length 64

I would expect the source to be replaced. What am I missing? Is this possible?
I could do it when we were using FreeBSD.

I didn't find anything googling.



"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)
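The first thing to check in a situation like the one above is whether the SNAT rule is matching at all, and the `pkts` column in the listing already says it is not (0 packets). The following added helper (not from the original post) parses the verbose output of `iptables -t nat -L POSTROUTING -v -n` and prints every rule whose packet counter is still zero; the listing it is run against is constructed with placeholder addresses, not the poster's real ones.

```shell
#!/bin/sh
# Added diagnostic, not part of the original post. Given the text of
# "iptables -t nat -L POSTROUTING -v -n", print the target, in/out interface,
# source and destination of every rule whose packet counter is zero. A SNAT
# rule that never matches (as in the post) shows up here immediately.

zero_hit_rules() {
    # $1: the chain listing text. Output: "<target> <in> <out> <src> <dst>"
    printf '%s\n' "$1" | awk '
        /^Chain/ || /^ *pkts/ { next }               # skip chain/column headers
        NF >= 9 && $1 == 0 { print $3, $6, $7, $8, $9 }
    '
}

# Constructed listing modelled on the one in the post; the addresses are
# placeholders (assumed), not the poster's networks.
SAMPLE_LISTING='Chain POSTROUTING (policy ACCEPT 6 packets, 456 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    10.0.2.0/24          10.0.1.0/24          to:10.0.1.1
   42  3528 MASQUERADE all  --  *      eth1    10.0.1.0/24          0.0.0.0/0'

# Run it against the sample; on a live box replace SAMPLE_LISTING with
#   "$(iptables -t nat -L POSTROUTING -v -n)"
zero_hit_rules "$SAMPLE_LISTING"
```

A rule listed here while traffic is visibly flowing (as the tcpdump above shows) means the packets never reach that chain with the interface/address combination the rule asks for, so the match criteria, not the SNAT target, are what to re-examine.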