[Openswan Users] nating traffic on client into ipsec-tunnel (was: fc6 iptables problem)
chorn at fluxcoil.net
Fri Apr 6 11:54:18 EDT 2007
maybe a good point to ask how to nat packets from a local lan-segment
into an ipsec-tunnel.
The tunnel is established on server A and uses the NETKEY-stack.
Server B can reach server A via local network, no hops involved.
It should be able to send packets to A that are NATed by A and sent
into the tunnel, appearing to originate from A.
I tried this:
iptables -t mangle -A INPUT -p tcp -s $server_b_ip -j MARK --set-mark 50
iptables -t mangle -L -v
# on executing this I see the rule is triggered with remote packets
iptables -t nat -A POSTROUTING -m mark --mark 50 -j MASQUERADE
# this should do the natting
iptables -t nat -L -v
The last command and the result show that the packets are not natted.
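
An added example, not part of the original post: a simplified Python model of the order in which netfilter chains see an incoming packet, run against the two rules from the post. The addresses are constructed documentation values, the PREROUTING variant is an assumption included for comparison, and the IPsec (xfrm) policy lookup is not modelled.

```python
# Simplified model of netfilter hook order for packets arriving on an interface.
# Added example: addresses are constructed, xfrm/NETKEY processing is not modelled.
LOCAL_ADDRS = {"192.0.2.1"}        # constructed: server A
SERVER_B = "192.0.2.2"             # constructed: server B
REMOTE_HOST = "198.51.100.10"      # constructed: host behind the tunnel

def hooks_for(pkt):
    """Return the (table, chain) sequence an incoming packet traverses."""
    path = [("mangle", "PREROUTING"), ("nat", "PREROUTING")]
    if pkt["dst"] in LOCAL_ADDRS:  # routing decision: local delivery
        return path + [("mangle", "INPUT"), ("filter", "INPUT")]
    return path + [("mangle", "FORWARD"), ("filter", "FORWARD"),
                   ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]

def run(rules, pkt):
    """Walk the hooks, apply matching rules, return (mark, masqueraded)."""
    mark, masq = 0, False
    for hook in hooks_for(pkt):
        for rule in rules.get(hook, []):
            if rule["match"](pkt, mark):
                if rule["target"] == "MARK":
                    mark = rule["value"]
                elif rule["target"] == "MASQUERADE":
                    masq = True
    return mark, masq

def ruleset(mark_chain):
    """The post's two rules, with the MARK rule placed in mangle/<mark_chain>."""
    from_b = lambda pkt, mark: pkt["proto"] == "tcp" and pkt["src"] == SERVER_B
    marked = lambda pkt, mark: mark == 50
    return {
        ("mangle", mark_chain): [{"match": from_b, "target": "MARK", "value": 50}],
        ("nat", "POSTROUTING"): [{"match": marked, "target": "MASQUERADE"}],
    }

to_a = {"proto": "tcp", "src": SERVER_B, "dst": "192.0.2.1"}       # delivered locally
forwarded = {"proto": "tcp", "src": SERVER_B, "dst": REMOTE_HOST}  # routed onward

if __name__ == "__main__":
    for chain in ("INPUT", "PREROUTING"):
        for name, pkt in (("to A itself", to_a), ("forwarded", forwarded)):
            print(f"MARK in {chain:10} {name:12} -> {run(ruleset(chain), pkt)}")
```

In this model a mark set in mangle INPUT is only ever applied to packets that are delivered locally, and those never reach nat POSTROUTING; forwarded packets skip INPUT entirely, so the MASQUERADE rule sees no mark in either case.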