[Openswan Users] SNAT before IPSec, cookbook recipe

"Adrián R. Sanchez" adrian_sanchez at actionline.com.ar
Fri Mar 31 12:35:16 CEST 2006


ted leslie wrote:
> can you post or send me your configs as example,
> in particular the iptables rules?
> i am dying to see this.
>
> -tl
>


1 - Install a Fedora Core 5, which ships with iptables 1.3.5 and OpenSWAN 2.4.4
2 - Download and install the latest 2.6.16 kernel rpm from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/i386/kernel-2.6.16-1.2069_FC5.i686.rpm

3 - A sample setup:

- Internal host: 192.168.1.2
- IPSec + NAT Box: 200.0.0.1 (and 200.0.0.2 for natting the internal host)
- Remote IPSec box: 200.10.10.1
- Remote host to be reached: 200.10.10.2

Relevant part of ipsec.conf:

conn example
    left=200.0.0.1
    leftsubnet=200.0.0.2/32
    right=200.10.10.1
    rightsubnet=200.10.10.2/32
    [...]


Relevant part of iptables code:

iptables -t nat -A POSTROUTING -s 192.168.1.2 -d 200.10.10.2 -j SNAT --to 200.0.0.2


And that's it!!




-- 

Adrián R. Sanchez
Dpto. de Tecnología

Actionline de Argentina S.A.
Viamonte 570 (C1053ABL)
Buenos Aires, Argentina
Tel.: +54 11 5093-3905
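Added check, not part of the original post: a small Python script that parses a conn block and a POSTROUTING SNAT rule like the ones above and verifies the condition that makes this recipe work, namely that the SNAT target lies inside leftsubnet and the rule's destination inside rightsubnet (with the 2.6 native IPsec stack, POSTROUTING SNAT is applied before the xfrm policy lookup, so the tunnel policy sees the translated address). The conf text and rule are constructed copies of the post's sample, and the function names are my own.

```python
import ipaddress
import shlex
# Constructed sample mirroring the post's setup (not the author's files).
IPSEC_CONF = """
conn example
    left=200.0.0.1
    leftsubnet=200.0.0.2/32
    right=200.10.10.1
    rightsubnet=200.10.10.2/32
"""
SNAT_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.1.2 -d 200.10.10.2 "
             "-j SNAT --to 200.0.0.2")

def parse_conn(conf, name):
    """Collect the key=value settings of one conn block from ipsec.conf text."""
    settings, inside = {}, False
    for line in conf.splitlines():
        s = line.strip()
        if s.startswith("conn "):
            inside = s.split(None, 1)[1] == name
        elif inside and "=" in s:
            key, val = s.split("=", 1)
            settings[key.strip()] = val.strip()
    return settings

def parse_rule(rule):
    """Map each iptables flag to the value that follows it."""
    argv = shlex.split(rule)
    return {a: argv[i + 1] for i, a in enumerate(argv[:-1]) if a.startswith("-")}

def check_snat_policy(conf, conn, rule):
    """List inconsistencies (empty = OK). POSTROUTING SNAT runs before the xfrm
    policy lookup, so leftsubnet must cover the translated source address."""
    c, r = parse_conn(conf, conn), parse_rule(rule)
    if r.get("-j") != "SNAT" or r.get("-t") != "nat":
        return ["rule is not a nat-table SNAT rule"]
    try:
        dst = ipaddress.ip_network(r["-d"], strict=False)
        to = ipaddress.ip_address(r["--to"])
        ipaddress.ip_network(r["-s"], strict=False)  # catches typos such as 192.268.1.2
        left = ipaddress.ip_network(c["leftsubnet"], strict=False)
        right = ipaddress.ip_network(c["rightsubnet"], strict=False)
    except (KeyError, ValueError) as exc:
        return [f"unparseable address or setting: {exc}"]
    problems = []
    if to not in left:
        problems.append(f"SNAT target {to} is outside leftsubnet {left}")
    if not dst.subnet_of(right):
        problems.append(f"rule destination {dst} is outside rightsubnet {right}")
    return problems
```

Run `check_snat_policy(IPSEC_CONF, "example", SNAT_RULE)` against your own conf and rule; an empty list means the SNAT'ed traffic will match the tunnel policy.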



