Fwd: [Openswan Users] how can i exclude multiple subnets from
one side
John A. Sullivan III
jsullivan at opensourcedevelopmentcorp.com
Sat Sep 18 13:19:27 CEST 2004
We do this with iproute on the ISCS project
(http://iscs.sourceforge.net) The details are in the iproute2 slide show
in the training section. I think you will particularly want the
Supernetted from.PEP slide. I confess that I did not take a lot of time
to think about it but I believe this is what you want. Good luck - John
On Sat, 2004-09-18 at 09:33, Abdul-Wahid Paterson wrote:
> IN this case I don't want to drop them...I just want them to go out
> through eth0 which is the default route rather than through ipsec0.
>
> Thanks,
>
> Abdul-Wahid
>
>
>
>
> On Sat, 18 Sep 2004 09:17:16 -0400, Ted Kaczmarek <tedkaz at optonline.net> wrote:
> >
> >
> > On Sat, 2004-09-18 at 08:01, Abdul-Wahid Paterson wrote:
> > > Hi,
> > >
> > > I have a big network with many different class C's, on one of my
> > > remote sites I want to be able to have...
> > >
> > >
> > > leftsubnet=192.168.0.0/255.255.0.0
> > >
> > > but I want to be able to exlude 3 subnets from this...e.g.
> > >
> > > 192.168.15.0/255.255.255.0
> > > 192.168.47.0/255.255.255/0
> > > and
> > > 192.168.55.0/255.255.255.0
> > >
> > > is there any way I can exlude mutliple subnets ?
> >
> > >
> > >
> > > AW
> >
> > You could use iptables to just drop the packets, you may also want to
> > log them as well. Otherwise you may have to create separate tunnels.
> > If their is a way to do such exclusions I am interested as well :-)
> >
> > Ted
> >
> >
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
--
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com
More information about the Users
mailing list