[Openswan Users] Setting up VPN between Linux box and Fortigate firewall

Paul Wouters paul at xelerance.com
Wed Aug 23 08:54:52 EDT 2006


On Wed, 23 Aug 2006, Rhys Johnson wrote:

> Ok I can ping from both sides now. However, how can I ensure that only
> traffic destined for the remote subnet will be encrypted? All other
> traffic should proceed out the default gateway as normal.

If there is no ipsec policy for the source-destination combination,
packets will flow "normally".

> I also added the following firewall rule so that packets to the remote
> subnet weren't NATed:
> # Masquerade the connection out eth1
> iptables -t nat -A POSTROUTING -o $EXTERNAL_IF -d ! 192.168.1.0/24 -j SNAT --to-source $EXTERNAL_IP

Does that exclamation mark have a backslash in front of it? For shell
scripts that is needed so it won't expand. I always use -d \ !

Paul
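The NAT exclusion discussed above, as an added example that is not part of the original thread. It builds the POSTROUTING rule with the negation placed in front of the match (`! -d`, the spelling current iptables prefers; the `-d !` form from the post still works but prints a deprecation warning) and, since applying firewall rules needs root and a real box, it also simulates the decision the rule makes: destinations inside the remote subnet are left un-NATed so the IPsec policy can pick them up, everything else is SNATed out the default gateway. `EXTERNAL_IF`, `EXTERNAL_IP` and `REMOTE_SUBNET` are placeholder values I chose; the addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed placeholder values:
EXTERNAL_IF="eth1"
EXTERNAL_IP="203.0.113.10"       # constructed public address of the Linux box
REMOTE_SUBNET="192.168.1.0/24"   # subnet behind the Fortigate, reached via IPsec

# Convert a dotted-quad IPv4 address into a 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies inside network $2 (a.b.c.d/n, or a bare host).
in_subnet() {
    case $2 in */*) ;; *) set -- "$1" "$2/32" ;; esac
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# The masquerade rule with the remote subnet excluded. Negation goes before
# the match; quoting the "!" as suggested in the thread does no harm.
nat_rule() {
    echo "iptables -t nat -A POSTROUTING -o $EXTERNAL_IF ! -d $REMOTE_SUBNET -j SNAT --to-source $EXTERNAL_IP"
}

# Simulate the rule: packets to the remote subnet are left alone ("tunnel",
# the IPsec policy then encrypts them), everything else is SNATed ("snat").
classify() {
    if in_subnet "$1" "$REMOTE_SUBNET"; then
        echo tunnel
    else
        echo snat
    fi
}

# Stand-alone run: show the rule and a couple of decisions.
nat_rule
classify 192.168.1.77     # tunnel
classify 198.51.100.5     # snat
```

On the live box, confirm the behaviour rather than trusting the simulation: `iptables -t nat -L POSTROUTING -v -n` shows the rule with its negation and packet counters (traffic to the remote subnet should not increment the SNAT rule), and `ip xfrm policy` (NETKEY) or `ipsec eroute` (KLIPS) lists the IPsec policies that catch the un-NATed packets. If the counters still climb for remote-subnet traffic, the SNAT is happening before the IPsec policy is consulted and the exclusion is not matching.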
