It does when it's combined with
-i eth1 -p ipv6-crypt -j DNAT --to-destination 192.168.10.10
added to the POSTROUTING chain.
I'm forwarding IPSEC traffic on to a PIX box internally that's handling a VON for en external support company. I know. I wouldn't have done it like this, but this is how the customer wants it, and how they had it with their SME 7.6 box.
The question is not what I'm trying to do, it's the original question - how do I add iptables rules that can not be handled by by the web interface?
A.
A.