[Openswan Users] One side NAT other side not??
Paul Wouters
paul at xelerance.com
Thu Aug 24 22:59:50 EDT 2006
On Thu, 24 Aug 2006, jham at gnumax.com wrote:
> > iptables -I PREROUTING -i internalinterface -s 10.1.0.0/16 -d 10.2.0.0/16
> > -j ACCEPT
> > iptables -A PREROUTING -i internalinterface -s 10.1.0.0/16 -j SNAT
> > --to-source PublicNATIP
> >
> > This will prevent NATing packets for IPsec.
> >
> > Paul
> > --
> > Building and integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
> Paul,
> Thank you for the quick response!
> I will disregard the info from the SmoothWall forum and comment out the
> left id parmeter and try the iptables PREROUTING rules. I will let you
> know how it goes. If that fails I will forward the usual conf and ipsec
> barf files.
As Andy pointed out, it should be POSTROUTING, not PREROUTING.
> p.s. Great book by the way :)
Thanks :)
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list