my main goal (what ever the best way to accomplish it) is to have nat
setup (so my nodes on the lan can access internet) and allow traffic
through my vpn tunnels (when destined for the 5 other subnets).<br><br>
<div class="vbclean_msgtext" id="post_message_4839880">I have setup a nat (with iptables), and openswan...<br>
with no iptables statements my vpn works great to all subnets on the
other side (<a href="http://10.0.0.0/24">10.0.0.0/24</a>, <a href="http://10.1.0.0/16">10.1.0.0/16</a>, etc...). When I setup iptables it
tries to send all traffic out the internet interface. My nat statment
is <div style="margin: 5px 20px 20px;">
        <div class="smallfont" style="margin-bottom: 2px;">Code:</div>
        <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 34px; text-align: left;">iptables -t nat -A POSTROUTING -o eth0 -s <a href="http://10.6.0.0/16">10.6.0.0/16</a> -d 0/0 -j MASQUERADE</pre>
</div> (maybe someone can specify a better way - if so please let me know). <br>
Okay so I flush my iptables <div style="margin: 5px 20px 20px;">
        <div class="smallfont" style="margin-bottom: 2px;">Code:</div>
        <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 34px; text-align: left;">iptables -t nat -F</pre>
</div> and setup this statment telling it to not nat traffic from <a href="http://10.6.0.0">10.6.0.0</a> going to <a href="http://10.0.0.0/24">10.0.0.0/24</a> <div style="margin: 5px 20px 20px;">
        <div class="smallfont" style="margin-bottom: 2px;">Code:</div>
        <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 34px; text-align: left;">iptables -t nat -A POSTROUTING -o eth0 -s <a href="http://10.6.0.0/16">10.6.0.0/16</a> -d ! <a href="http://10.0.0.0/24">10.0.0.0/24</a> -j MASQUERADE</pre>
</div>works great, until i add an addional subnet <div style="margin: 5px 20px 20px;">
        <div class="smallfont" style="margin-bottom: 2px;">Code:</div>
        <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 34px; text-align: left;">iptables -t nat -A POSTROUTING -o eth0 -s <a href="http://10.6.0.0/16">10.6.0.0/16</a> -d ! <a href="http://10.1.0.0/16">10.1.0.0/16</a> -j MASQUERADE</pre>
</div>once the two commands are in the nat table then nothing works.<br>
someone please help me!!!<br>
<br>
again my main goal (what ever the best way to accomplish it) is to have nat
setup (so my nodes on the lan can access internet) and allow traffic
through my vpn tunnels (when destined for the 5 other subnets).<br>
<br>
thanks in advance!</div><br clear="all"><br>-- <br><br>Shaun Curry<br>BS-InformationTechnology<br>936.718.2175