[Openswan Users] Openswan, iptables (fiaif) and 2.6.16 kernel

Marco Berizzi pupilla at hotmail.com
Fri Apr 14 16:24:17 CEST 2006

Laurent CARON wrote:

> is my lan subnet (natted so that lan computers can
> the internet through the public ip address)
> is a workstation on my lan
> is the other subnet

try this on the 2.6.16 gateway:

iptables -t nat -I POSTROUTING -s
-d -j ACCEPT


iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT

PS: you must upgrade to iptables 1.3.5
