[Openswan Users] SNAT before IPSec, cookbook recipe
"Adrián R. Sanchez"
adrian_sanchez at actionline.com.ar
Fri Mar 31 12:35:16 CEST 2006
ted leslie wrote:
> can you post or send me your configs as example,
> in particular the iptables rules?
> i am dying to see this.
>
> -tl
>
>
1 - Install a Fedora Core 5, which ships with iptables 1.3.5 and
OpenSWAN 2.4.4
2 - Download and install the latest 2.6.16 kernel rpm from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/i386/kernel-2.6.16-1.2069_FC5.i686.rpm
3 - A sample setup:
- Internal host: 192.168.1.2
- IPSec + NAT Box: 200.0.0.1 (and 200.0.0.2 for natting the internal host)
- Remote IPSec box: 200.10.10.1
- Remote host to be reached: 200.10.10.2
Relevant part of ipsec.conf:
conn example
left=200.0.0.1
leftsubnet=200.0.0.2/32
right=200.10.10.1
rightsubnet=200.10.10.2/32
[...]
Relevant part of iptables code:
iptables -t nat -A POSTROUTING -s 192.268.1.2 -d 200.10.10.2 -j SNAT
--to 200.0.0.2
And that's it!!
--
Adrián R. Sanchez
Dpto. de Tecnología
Actionline de Argentina S.A.
Viamonte 570 (C1053ABL)
Buenos Aires, Argentina
Tel.: +54 11 5093-3905
More information about the Users
mailing list