[Openswan Users] SNAT? (was: openswan not encapsulating packets)
Stefan Denker
Stefan at dn-kr.de
Fri May 26 18:49:53 CEST 2006
On Tue, May 23, 2006 at 08:56:13AM +0100, Brian Candler wrote:
> Perhaps he could use a NAT rule to change the source IP to the correct one.
Well, is this possible? I considered doing SNAT myself, but when
searching the Net, I found that "SNAT may change ports", but no
information when ports are mangled.
What I wanted to do: Given this Scenario:
Internet--Firewall-----------------------OpenswanBox-----Subnet
          192.168.20.1                   192.168.20.254
I grabbed an unused public IP and added an IP-Alias to the Openswan-Box:
Internet--Firewall-----------------------OpenswanBox-----Subnet
          192.168.20.1                   192.168.20.254
                                         A.B.C.D
Now, as a default all traffic should travel as before, only
IPSec-Traffic generated on the Box itself should originate from the public
IP. I thought SNAT might be the easiest solution...
But will SNAT change the SourcePort in this scenario?
Or are there better ways to achieve this?
Thanks for all the hints.
Stefan
--
Granny Aching had been an expert on sheep, even though she called them
"just bags of bones, eyeballs and teeth, lookin' for new ways to die."
[Terry Pratchett, The WeeFree men]