#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# ifconfig eth0:1 inet 192.1.2.111 netmask 255.255.255.0
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# # NAT North's IP to ours
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# iptables -t nat -F POSTROUTING
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -o eth0+ -p udp -m udp --dport 500  -j SNAT --to-source 192.1.2.254:11000-12000
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -o eth0+ -p udp -m udp --dport 4500 -j SNAT --to-source 192.1.2.111:14000-16000
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# iptables -A OUTPUT -d 192.0.2.0/24 -j DROP
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       udp  --  any    eth0+   192.1.3.0/24         anywhere             udp dpt:isakmp to:192.1.2.254:11000-12000
    0     0 SNAT       udp  --  any    eth0+   192.1.3.0/24         anywhere             udp dpt:ipsec-nat-t to:192.1.2.111:14000-16000
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# ../../pluto/bin/ipsec-look.sh | sed "s/dport [0-9][0-9][0-9][0-9][0-9]/dport DPORT/"
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566825940.671:219060): avc:  denied  { write } for  pid=17351 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=63921051 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566825943.138:219220): avc:  denied  { write } for  pid=19370 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016581697 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/nat-pluto-07\[root@nic nat-pluto-07]#