[Openswan Users] Setting up VPN between Linux box and Fortigate firewall
Paul Wouters
paul at xelerance.com
Wed Aug 23 08:54:52 EDT 2006
On Wed, 23 Aug 2006, Rhys Johnson wrote:
> Ok I can ping from both sides now. However how can I ensure that only
> traffic destined for the remote subnet will be encrypted? All other
> traffic should proceed out the default gateway as normal.
If there is no ipsec policy for the source-destination combination,
packets will flow "normally".
> I also added the following firewall rule so that packets to the remote
> subnet weren't NATed
> # Masquerade the connection out eth1
> iptables -t nat -A POSTROUTING -o $EXTERNAL_IF -d ! 192.168.1.0/24 -j
> SNAT --to-source $EXTERNAL_IP
Does that exclamation mark have a backslash in front of it? For shell
scripts that is needed so it won't expand. I always use -d \ !
Paul
More information about the Users
mailing list