[Openswan Users] iptables checklist for ipsec newbies - SOLVED
Andreas Lüdtke
andi.luedtke at gmx.de
Thu Jan 12 15:49:36 CET 2006
> If your subnet is 10.0.1.0/24 and you have something like :
>
> -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
>
> You need to change it to :
> -A POSTROUTING -s 10.0.1.0/24 -d ! 10.0.2.0/24 -o eth0 -j MASQUERADE
>
> That's for "Switch off masquerading between the 2 subnets"
>
> After that, you'll have to permit traffic in the forward chain from/to
> ipsec0 to your subnet :
>
> -A FORWARD -i ipsec0 -o eth1 -s 10.0.2.0/24 -d 10.0.1.0/24 -j ACCEPT
>
> Nicolas
Hi Nicolas,
Now my VPN connection works as expected! It was the missing forwarding to my subnet.
Thanks
Andreas
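
Added example, not part of the original thread: a small check that reads iptables-save style rules and reports whether the two fixes discussed above are in place (the MASQUERADE exclusion for the remote subnet and the FORWARD accept from ipsec0). The function name check_ipsec_rules and the sample rulesets are constructed for illustration; the subnets and interface names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules for the two fixes in this thread.
# Usage: iptables-save | check_ipsec_rules LOCAL_NET REMOTE_NET [TUNNEL_IF]
# Returns 0 when both checks pass, 1 otherwise.
check_ipsec_rules() {
    awk -v l="$1" -v r="$2" -v i="${3:-ipsec0}" '
    # A MASQUERADE rule for the local subnet must exclude the remote subnet,
    # written as "-d ! NET" (as in the thread) or "! -d NET" (current iptables).
    /^-A POSTROUTING/ && /-j MASQUERADE/ && index($0, "-s " l " ") {
        if (!index($0, "-d ! " r " ") && !index($0, "! -d " r " ")) {
            print "FAIL: tunnel traffic is masqueraded: " $0; bad = 1
        }
    }
    # Decrypted packets from the remote subnet need a FORWARD accept rule.
    /^-A FORWARD/ && /-j ACCEPT/ && index($0, "-i " i " ") &&
        index($0, "-s " r " ") && index($0, "-d " l " ") { fwd = 1 }
    END {
        if (!fwd) { print "FAIL: no FORWARD ACCEPT on " i " for " r " -> " l; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample rulesets (not captured from a real host).
BEFORE_RULES='-A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
-A FORWARD -i eth1 -o eth0 -j ACCEPT'
AFTER_RULES='-A POSTROUTING -s 10.0.1.0/24 -d ! 10.0.2.0/24 -o eth0 -j MASQUERADE
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i ipsec0 -o eth1 -s 10.0.2.0/24 -d 10.0.1.0/24 -j ACCEPT'

echo "before:"; printf '%s\n' "$BEFORE_RULES" | check_ipsec_rules 10.0.1.0/24 10.0.2.0/24 || true
echo "after:";  printf '%s\n' "$AFTER_RULES"  | check_ipsec_rules 10.0.1.0/24 10.0.2.0/24 && echo "OK"
```

The check only looks for the two rules from this thread; it does not evaluate rule order or chain policies.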