[Openswan Users] Firewall Problems - Don't masquerade for many networks

Frederico Madeira fmadeira at gmail.com
Wed Jul 19 10:33:08 CEST 2006


Hi,

In my network I have a gateway to access the Internet; it has a rule in
iptables to masquerade connections to the Internet:

$IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE  -j MASQUERADE

On this same gateway, using Openswan, I made a VPN connection to one
customer called VPN1, so I changed this rule on my firewall:

VPN1=192.168.0.1/24
$IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d ! $VPN1 -j MASQUERADE

At this point everything works fine.

I need to make another VPN connection with another customer, so I added
these lines to my firewall:
VPN1=192.168.0.1/24
VPN2=192.168.0.2/24
$IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d ! $VPN1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d ! $VPN2 -j MASQUERADE

And connections to VPN2 don't work because they are masqueraded by the first rule.

How do I resolve this problem, to allow more than one VPN connection on a
NAT gateway?

Thanks.

Fred


-- 
Frederico Madeira
fmadeira at gmail.com
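
The first-match behaviour described in the post, as an added example that is not part of the original message: a small model of the POSTROUTING walk, then one common corrected rule order (exempt each VPN network with ACCEPT, then a single MASQUERADE). The subnets, the eth0 interface name and the "is|not NET TARGET" rule format are constructed for illustration.

```shell
#!/bin/sh
# Model of first-match evaluation in nat/POSTROUTING. All addresses are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/LEN: succeeds when ADDR lies inside NET/LEN.
in_cidr() {
    len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# first_match DST RULES: walk RULES top to bottom and print the target of
# the first rule whose destination test matches. "not" models "-d ! NET".
first_match() {
    dst=$1
    echo "$2" | while read -r op net target; do
        if in_cidr "$dst" "$net"; then hit=is; else hit=not; fi
        if [ "$hit" = "$op" ]; then echo "$target"; break; fi
    done
}

# Rule shape from the post: each rule masquerades everything outside ONE VPN.
BROKEN="not 10.1.0.0/24 MASQUERADE
not 10.2.0.0/24 MASQUERADE"

# Corrected order: exempt every VPN first, then one catch-all MASQUERADE.
FIXED="is 10.1.0.0/24 ACCEPT
is 10.2.0.0/24 ACCEPT
is 0.0.0.0/0 MASQUERADE"

# emit_rules IFACE NET...: print the corrected iptables commands.
emit_rules() {
    iface=$1; shift
    for net in "$@"; do
        echo "iptables -t nat -A POSTROUTING -o $iface -d $net -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
}

for dst in 10.1.0.7 10.2.0.7 198.51.100.9; do
    echo "$dst broken=$(first_match "$dst" "$BROKEN") fixed=$(first_match "$dst" "$FIXED")"
done
emit_rules eth0 10.1.0.0/24 10.2.0.0/24
```

In the model, the negated pair masquerades traffic to both VPN networks, because a packet inside one network is always outside the other.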

