[Openswan Users]
NAT between two ipsec-connections with kernel 2.6.7 / openswan 2.3.0
Markus Meissner
mlist at meissner.it
Tue Feb 15 18:21:28 CET 2005
Hi,
I have been using the following setup for years now with a 2.4 kernel and
freeswan 2.x:
intranet A - ipsec - official server B - masq - ipsec - intranet C
I am working in intranet A, using a machine in intranet C. As intranet B
should not see the intranet A, all packets from A are masqed by the official
server B and then sent through ipsec to the intranet C. With kernel 2.4
everything works as expected.
Now I have to use kernel 2.6.7-k8 with openswan 2.3.0 on the official
server B and the masq doesn't work any longer. Both ipsec-connections from A
to B and from B to C are working, but when I try to masq the packages coming
from A it doesn't work. I *think* that the kernel-ipsec does not care about
masqed packets. Here are the commands I have tried to get the packets masqed:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s A -j MASQUERADE
or
iptables -t nat -A POSTROUTING -d C -j MASQUERADE
or
iptables -t nat -A POSTROUTING -s A -j SNAT --to B
or
iptables -t nat -A POSTROUTING -d C -j SNAT --to B
No rule works. Can anybody give me a hint?
--
Beste Grüße / best regards Markus Meissner