[Openswan Users] NAT between two ipsec-connections with kernel 2.6.7 / openswan 2.3.0

Markus Meissner mlist at meissner.it
Tue Feb 15 18:21:28 CET 2005


I have been using the following setup for years now with a 2.4 kernel and 
freeswan 2.x:

intranet A - ipsec - official server B - masq - ipsec - intranet C

I am working in intranet A, using a machine in intranet C. As intranet B 
should not see the intranet A, all packets from A are masqed by the official 
server B and then sent through ipsec to the intranet C. With kernel 2.4 
everything works as expected.

Now I have to use kernel 2.6.7-k8 with openswan 2.3.0 on the official 
server B and the masq doesn't work any longer. Both ipsec-connections from A 
to B and from B to C are working, but when I try to masq the packets coming 
from A it doesn't work. I *think* that the kernel-ipsec does not care about 
masqed packets. Here are the commands I have tried to get the packets masqed:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s A -j MASQUERADE
iptables -t nat -A POSTROUTING -d C -j MASQUERADE
iptables -t nat -A POSTROUTING -s A -j SNAT --to B
iptables -t nat -A POSTROUTING -d C -j SNAT --to B

No rule works. Can anybody give me a hint?

Beste Grüße / best regards Markus Meissner
