[Openswan Users] iptables checklist for ipsec newbies - SOLVED

Andreas Lüdtke andi.luedtke at gmx.de
Thu Jan 12 15:49:36 CET 2006


> If your subnet is 10.0.1.0/24 and you have something like :
> 
> -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
> 
> You need to change it to :
> -A POSTROUTING -s 10.0.1.0/24 -d ! 10.0.2.0/24 -o eth0 -j MASQUERADE
> 
> That's for "Switch off masquerading between the 2 subnets"
> 
> After that, you'll have to permit traffic in the forward chain
> from/to ipsec0 to your subnet :
> 
> -A FORWARD -i ipsec0 -o eth1 -s 10.0.2.0/24 -d 10.0.1.0/24 -j ACCEPT
> 
> Nicolas

Hi Nicolas,

Now my VPN connection works as expected! It was the missing forwarding to my subnet.

Thanks

	Andreas
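
An added example, not part of the original messages: a shell check that audits an `iptables-save` dump for the two rules described in the quoted advice (the masquerade exemption and the FORWARD accept). The sample dumps are constructed and `audit_ruleset` is a hypothetical helper name; current `iptables-save` writes the negation as `! -d`, so the check accepts both that and the `-d !` spelling used above.

```shell
#!/bin/sh
# Subnets and interface names are the ones used in the thread.
LOCAL_NET=10.0.1.0/24
REMOTE_NET=10.0.2.0/24

# Constructed sample dumps (not captured from a real gateway).
BROKEN_RULES='*nat
-A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

FIXED_RULES='*nat
-A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.0.2.0/24 -d 10.0.1.0/24 -i ipsec0 -o eth1 -j ACCEPT
COMMIT'

# audit_ruleset DUMP
# Prints one finding per line; the return status is the number of findings.
# On a live gateway (as root): audit_ruleset "$(iptables-save)"
audit_ruleset() {
    printf '%s\n' "$1" | awk -v loc="$LOCAL_NET" -v rem="$REMOTE_NET" '
        # True if the rule excludes the remote subnet, in either spelling.
        function exempts(line) {
            return index(line, "! -d " rem " ") || index(line, "-d ! " rem " ")
        }
        # Masquerade rule for the local subnet without the exemption:
        # tunnel traffic would be source-NATed before IPsec sees it.
        /^-A POSTROUTING / && /-j MASQUERADE/ && index($0, "-s " loc " ") {
            if (!exempts($0)) { print "NAT: tunnel traffic is masqueraded: " $0; n++ }
        }
        # Decrypted traffic from the remote subnet must be accepted in FORWARD.
        /^-A FORWARD / && /-i ipsec0 / && /-j ACCEPT/ &&
            index($0, "-s " rem " ") && index($0, "-d " loc " ") { fwd = 1 }
        END {
            if (!fwd) { print "FORWARD: no ACCEPT for " rem " -> " loc " via ipsec0"; n++ }
            exit n + 0
        }'
}
```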


