I think we will need a little more information to tell you definitively... But I think your iptables rules for NAT will have to be generalized, then before that you will need to put rules to not NAT your IPsec connections. If you are using KLIPS, your ipsecX interface will be immune from rules that you have set up on eth/ath interfaces.
<br><br><div><span class="gmail_quote">On 27/02/07, <b class="gmail_sendername">Steve McKnelly</b> &lt;<a href="mailto:thoth1890@gmail.com">thoth1890@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br><br>I'm working on hardening some connections on a wireless router I<br>built. Specifically, I'd like to have the wireless side use IPSec to<br>communicate with the router. Here's my setup:<br><br>
ath0 - Wireless Ethernet (Internal Net)<br>eth0 - Wire Ethernet (Internal Net)<br>eth1 - Wire Ethernet (External Net)<br><br>I use iptables to masq ath0/eth0 to eth1.<br><br>I read the tutorial, and it mentions adding a line to iptable to
<br>prevent IPSec packets from escaping the box. Maybe I'm misreading<br>this, but if I did that, wouldn't that prevent data at ath0 from being<br>forwarded to the outside connection at eth1?<br><br>Thanks,<br>Steve
</blockquote></div><br><br clear="all"><br>-- <br>Computers are incredibly fast, accurate, and stupid; humans are incredibly slow, inaccurate and brilliant; together they are powerful beyond imagination.<br> -- Albert Einstein