[Openswan Users] nat problem

Paul Wouters paul at xelerance.com
Wed Apr 19 18:09:08 CEST 2006


On Wed, 19 Apr 2006, Nived Gopalan wrote:

>
> I get the following error when I run the ipsec verify command:
>
> Checking tun0x1002 at x.x.x.x from 192.168.111.0/24 to 192.168.195.0/24
> [FAILED]
> MASQUERADE from 192.168.111.0/24 to 0.0.0.0/0 kills tunnel 192.168.111.0/24 ->
> 192.168.195.0/24
>        [FAILED]
>
> I'm able to ping between the openswan hosts/firewall, but not the machines
> behind it. I have added the following firewall rules ..
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.111.0/24 -d !
> 192.168.195.0/24 -j MASQUERADE

If you did not type that rule at the prompt, but put it in a shell script,
you need to escape the "!" with a "\".

Also, you need the same exclusion for NATing packets on the other endpoint.

Paul
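
Added example, not part of the original message and not Openswan code: a Python check in the spirit of the `ipsec verify` failure quoted above. It reads `iptables-save`-style nat rules and lists the MASQUERADE/SNAT rules that would still match traffic between the two tunnel subnets. The function names and sample rules are constructed for illustration, and the check assumes well-formed `iptables-save` lines and ignores rule ordering and earlier ACCEPT exemptions.

```python
import ipaddress
import shlex

NAT_TARGETS = {"MASQUERADE", "SNAT"}

def parse_rule(line):
    """Parse one iptables-save style POSTROUTING rule; None for other lines."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "POSTROUTING"]:
        return None
    rule = {"src": None, "dst": None, "target": None, "text": line.strip()}
    negate, i = False, 2
    while i < len(tok):
        t = tok[i]
        if t == "!":                      # newer syntax: "! -d net"
            negate = True
        elif t in ("-s", "-d"):
            i += 1
            if tok[i] == "!":             # older syntax, as in the post: "-d ! net"
                negate, i = True, i + 1
            net = ipaddress.ip_network(tok[i], strict=False)
            rule["src" if t == "-s" else "dst"] = (net, negate)
            negate = False
        elif t == "-j":
            i += 1
            rule["target"] = tok[i]
        else:
            negate = False                # a "!" applied to some other option
        i += 1
    return rule

def can_match(spec, net):
    """True if at least one address in net satisfies the (network, negated) match."""
    if spec is None:                      # no -s / -d given: matches everything
        return True
    rule_net, negated = spec
    return (not net.subnet_of(rule_net)) if negated else net.overlaps(rule_net)

def nat_rules_killing_tunnel(ruleset, local, remote):
    """Return the NAT rules that would rewrite local -> remote tunnel traffic."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    rules = [parse_rule(l) for l in ruleset.splitlines()]
    return [r["text"] for r in rules if r and r["target"] in NAT_TARGETS
            and can_match(r["src"], local) and can_match(r["dst"], remote)]

# Constructed sample rulesets using the subnets from the post.
BROKEN = "*nat\n-A POSTROUTING -s 192.168.111.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n"
FIXED_OLD = "-A POSTROUTING -s 192.168.111.0/24 -d ! 192.168.195.0/24 -o eth0 -j MASQUERADE\n"
FIXED_NEW = "-A POSTROUTING -s 192.168.111.0/24 ! -d 192.168.195.0/24 -o eth0 -j MASQUERADE\n"

if __name__ == "__main__":
    print(nat_rules_killing_tunnel(BROKEN, "192.168.111.0/24", "192.168.195.0/24"))
```

Run it on each gateway with that gateway's own subnet as `local`, since the exclusion is needed on both endpoints.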

