[Openswan Users] SNAT? (was: openswan not encapsulating packets)

Stefan Denker Stefan at dn-kr.de
Fri May 26 18:49:53 CEST 2006

On Tue, May 23, 2006 at 08:56:13AM +0100, Brian Candler wrote:
> Perhaps he could use a NAT rule to change the source IP to the correct one.

Well, is this possible? I considered doing SNAT myself, but when
searching the Net, I found that "SNAT may change ports", but no
information on when ports are mangled.

What I wanted to do: Given this Scenario:


I grabbed an unused public IP and added an IP-Alias to the Openswan-Box:


Now, by default all traffic should travel as before; only
IPSec-Traffic generated on the Box itself should originate from the public
IP. I thought SNAT might be the easiest solution...

But will SNAT change the SourcePort in this scenario?
Or are there better ways to achieve this?

Thanks for all the hints.

Granny Aching had been an expert on sheep, even though she called them
"just bags of bones, eyeballs and teeth, lookin' for new ways to die."
[Terry Pratchett, The Wee Free Men]