#/usr/sbin/named
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -F
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -F -t nat
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# # put east behind NAT portforward
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -I PREROUTING -t nat -i eth1 -p udp --dport  500 -j DNAT --to 192.1.2.23:500
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -I PREROUTING -t nat -i eth1 -p udp --dport 4500 -j DNAT --to 192.1.2.23:4500
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -I PREROUTING -t nat -i eth1 -p tcp --dport  22 -j DNAT --to 192.1.2.23:22
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# # and behind NAT
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# iptables -I POSTROUTING -t nat -j SNAT -s 192.1.2.23/32 --to 192.1.2.123
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# 
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# # No tunnels should have established but a shunt should exist
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --shuntstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --shuntstatus' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566825603.622:206100): avc:  denied  { write } for  pid=15389 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=63539633 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/newoe-23-reverse-nat\[root@nic newoe-23-reverse-nat]#