[Openswan Users]
Stefan Denker
Stefan at dn-kr.de
Thu Jul 20 18:15:24 CEST 2006
On Wed, Jul 19, 2006 at 09:33:08AM -0300, Frederico Madeira wrote:
> I need to make other vpn connnection with other custommer, so i add
> this line to my firewall:
> VPN1= 192.168.0.1/24
> VPN2= 192.168.0.2/24
At first, these are not valid subnet-declarations. All Host-Bytes should
be set to zero. This would equalize them to 192.168.0.0/24
> $IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d ! $VPN1 -j
> MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d ! $VPN2 -j
> MASQUERADE
> And connections to VPN2 don't work because it is mascarade by first rule.
The first matching rule is applied to the packet, yes.
so you can use:
iptables -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d $VPN1 -j ACCEPT
iptables -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -d $VPN2 -j ACCEPT
... [repeat for every VPN you've got]
iptables -t nat -A POSTROUTING -o $TELEMAR_INTERFACE -j MASQUERADE
> How i resolve this problem, to allow more than one vpn connections on
> nat gateway ??
HTH
Stefan
--
- "What're quantum mechanics?"
- "I don't know. People who repair quantums, I suppose."
-- (Terry Pratchett, Eric)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20060720/f66e8d60/attachment.bin
More information about the Users
mailing list