[Openswan Users] 26Sec to OpenSwan-1.0.3 dual-subnet routing problem

Charles Jones linkst8.ipsec at scriptable.net
Mon Jun 14 02:32:32 CEST 2004


Back in the day, Herbert Xu said:
> linkst8.ipsec at scriptable.net wrote:
> >
> >    /usr/sbin/iptables -t nat -I POSTROUTING -o $EINT -d ! $gw -j MASQUERADE
> 
> If this is the script on the 26sec machine then please try removing
> the MASQUERADE rule.  Applying MASQUERADE rules on a 26sec stack
> to IPsec packets results in unexpected behaviour like this.

Thanks for the suggestion, but the "!" in the above iptables statement
is there to ensure that masquerading is not performed on the traffic
from the listed ipsec gateway.  Or am I mis-interpreting your advice?

-- 
For a copy of my public key, send an email to gpgkeys _at_ scriptable _dot_ net with "send pgp key" in the subject.

There are 10 kinds of people in the world: Those who understand binary and those who don't...


More information about the Users mailing list