[Openswan Users] VPN and NAT issues
Chris Lyon
chris at qxzi.net
Wed Oct 27 16:31:04 CEST 2004
So, I am trying to use NAT to solve the problem below because of an IP
addressing conflict issue, but I am not having much luck. Basically, all of
Site A needs to get to only a few devices at each of sites B and C, so I am
trying to do PREROUTING NAT on the far-end systems. I have the tunnels up
and I can see the traffic getting to the remote side on ipsec0, but I just
can't get it to NAT from 1.1.1.1 to the real 10.10.1.1.

Command that I think should work:
iptables -t nat -A PREROUTING -d 1.1.1.1 -j DNAT --to 10.10.1.1
Any ideas? Layout and configs are below.

Site A eth0 - 192.168.254.0/24 ---------- Internet ------ Site B eth0 - 10.10.0.0/16
                                \                         (NAT from 1.1.1.1 to 10.10.1.1 example)
                                 \-------- Internet ------ Site C eth0 - 10.10.0.0/16
                                                          (NAT from 1.1.1.1 to 10.10.1.1 example)
So here are the configurations:

Site A

conn site_a-to-site_b
    #---------(local side is left side)
    left=<public site a>
    leftsubnet=192.168.254.0/24
    leftnexthop=%defaultroute
    #---------(remote side is right side)
    right=<public site b>
    rightsubnet=1.1.0.0/16
    #---------Auto Key Stuff
    pfs=yes
    auth=esp
    authby=secret
    esp=3des-md5-96
    keylife=8h
    keyingtries=0

Site B

conn site_b-to-site_a
    #---------(local side is left side)
    left=<public site b>
    leftsubnet=1.1.0.0/16
    leftnexthop=%defaultroute
    #---------(remote side is right side)
    right=<public site a>
    rightsubnet=192.168.254.0/24
    #---------Auto Key Stuff
    pfs=yes
    auth=esp
    authby=secret
    esp=3des-md5-96
    keylife=8h
    keyingtries=0
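A sanity check for the setup described in the post, added here as an example and not part of the original message or of Openswan: it parses the two conn blocks above (copied in as constructed strings), confirms they mirror each other, and checks that the DNAT match address sits inside the subnet site B advertises for the tunnel and that the DNAT target sits inside the real LAN; it also emits the PREROUTING rule scoped to ipsec0 so only tunnel traffic is rewritten. The function and variable names are my own.

```python
import ipaddress
import re

# Constructed copies of the address-related lines of the two conn blocks.
SITE_A_CONF = """
conn site_a-to-site_b
    leftsubnet=192.168.254.0/24
    rightsubnet=1.1.0.0/16
"""
SITE_B_CONF = """
conn site_b-to-site_a
    leftsubnet=1.1.0.0/16
    rightsubnet=192.168.254.0/24
"""

def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn block (comments dropped)."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"(\w+)\s*=\s*(.+)", line.split("#", 1)[0].strip())
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def check_tunnel_nat(local_conf, remote_conf, nat_match, nat_target, real_subnet):
    """Return a list of problems; an empty list means the tunnel and NAT agree."""
    problems = []
    a, b = parse_conn(local_conf), parse_conn(remote_conf)
    # The two ends must be mirror images: A's leftsubnet is B's rightsubnet.
    if a["leftsubnet"] != b["rightsubnet"] or a["rightsubnet"] != b["leftsubnet"]:
        problems.append("subnets of the two conn blocks are not mirror images")
    # Site A sends to nat_match; it must fall inside the subnet site B claims for
    # the tunnel, otherwise the packet never matches the SA and never hits ipsec0.
    if ipaddress.ip_address(nat_match) not in ipaddress.ip_network(a["rightsubnet"]):
        problems.append(f"{nat_match} is outside the tunnel subnet {a['rightsubnet']}")
    # The DNAT target must be a real host on the far-end LAN.
    if ipaddress.ip_address(nat_target) not in ipaddress.ip_network(real_subnet):
        problems.append(f"{nat_target} is outside the real LAN {real_subnet}")
    # The mapped range must not overlap the LAN it hides, or the DNAT is ambiguous.
    if ipaddress.ip_network(real_subnet).overlaps(ipaddress.ip_network(a["rightsubnet"])):
        problems.append("real LAN overlaps the tunnel subnet")
    return problems

def dnat_rule(nat_match, nat_target, iface="ipsec0"):
    """PREROUTING DNAT rule limited to packets that arrived through the KLIPS tunnel."""
    return f"iptables -t nat -A PREROUTING -i {iface} -d {nat_match} -j DNAT --to {nat_target}"

if __name__ == "__main__":
    print(check_tunnel_nat(SITE_A_CONF, SITE_B_CONF, "1.1.1.1", "10.10.1.1", "10.10.0.0/16"))
    print(dnat_rule("1.1.1.1", "10.10.1.1"))
```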