On Thu, 2011-11-17 at 11:10 -0500, Benjamin LaHaise wrote: > Why not use a tun/tap interface set up with a private ip address which the > vpn application causes to be masqueraded by the host? That should work and > be portable across all kernel versions.
Yeah, that's one of of the options. But still you have to set up NAT on the host. And make sure you don't conflict with any IP address ranges which might appear on local networks, or on the VPN. It doesn't really meet the "set it up nicely" criterion :) If you can screw with iptables rules to set up NAT, you might as well just screw with iptables rules to block and capture the TCP packets you want. Either way, it's a pain in the arse. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
