[Openswan Users] SNAT before IPSEC, confirming versions

Oliver Schulze L. oliver at samera.com.py
Thu Jul 12 09:55:20 EDT 2007


Hi,
I have been reading about doing SNAT before IPSEC on the same box
where an IPSEC tunnel is running.

I wanted to confirm the versions of the programs that work in this
scenario.

Network:
192.168.1.1 -> PUBLIC_IP1 -> Internet PUBLIC_IP2 -> 192.168.2.1

IPSEC:
- the tunnel is between PUBLIC_IP1 and PUBLIC_IP2
- the ping from PUBLIC_IP1 to PUBLIC_IP2 works
- the ping from 192.168.1.1 to PUBLIC_IP2 does not work

Versions:
- RHEL4.5 (Centos 4.5)
- kernel 2.6.9-55.0.2.ELsmp
- iptables v1.2.11

Iptables:
- iptables does not have the -m policy option
- I want to SNAT all packets going to PUBLIC_IP2, with:
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d PUBLIC_IP2 -j SNAT --to-source PUBLIC_IP1

As I see it, I need these versions:
- kernel >= 2.6.16
- iptables >= 1.3.5

My options?
- upgrade kernel + iptables?

Many thanks!
Oliver

-- 
Oliver Schulze L.   | http://tinymailto.com/oliver  
Asuncion - Paraguay | http://www.solojuegos.mobi    


