[Openswan Users] nating traffic on client into ipsec-tunnel (was: fc6 iptables problem)

Christian Horn chorn at fluxcoil.net
Fri Apr 6 11:54:18 EDT 2007


Hi,

Maybe a good point to ask how to NAT packets from a local LAN segment
into an IPsec tunnel.
The tunnel is established on server A and uses the NETKEY stack.
Server B can reach server A via the local network, no hops involved.
It should be able to send packets to A that are NATed by A and sent
into the tunnel, appearing to originate from A.

I tried this:

iptables -t mangle -A INPUT -p tcp -s $server_b_ip -j MARK --set-mark 50

iptables -t mangle -L -v
# On executing this I see the rule is triggered with remote packets

iptables -t nat -A POSTROUTING -m mark --mark 50 -j MASQUERADE
# this should do the natting

iptables -t nat -L -v

The last command and the result show that the packets are not natted.

Any ideas?


Christian
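
Added example, not part of the original message: a small Python model of the standard netfilter hook order for packets arriving on an interface, run against the two rules from the post. It shows that a mark set in mangle INPUT is only applied to packets addressed to A itself, which never traverse nat POSTROUTING; the addresses and the PREROUTING variant are assumptions for illustration.

```python
# Added example: simplified model of netfilter chain traversal (Linux 2.6 era).
# Addresses are constructed; "posted" mirrors the two rules from the message.
LOCAL = ["mangle/PREROUTING", "nat/PREROUTING", "mangle/INPUT", "filter/INPUT"]
FORWARDED = ["mangle/PREROUTING", "nat/PREROUTING", "mangle/FORWARD",
             "filter/FORWARD", "mangle/POSTROUTING", "nat/POSTROUTING"]

SERVER_A = "192.0.2.1"      # constructed: tunnel endpoint
SERVER_B = "192.0.2.2"      # constructed: LAN neighbour of A
REMOTE = "198.51.100.10"    # constructed: host behind the tunnel


def traverse(pkt, rules, local_ips=(SERVER_A,)):
    """Walk an incoming packet through the hooks; return mark, NAT result, rules hit."""
    path = LOCAL if pkt["dst"] in local_ips else FORWARDED
    mark, natted, hits = 0, False, []
    for hook in path:
        for rule in rules:
            if rule["hook"] != hook:
                continue
            if rule.get("proto", pkt["proto"]) != pkt["proto"]:
                continue
            if rule.get("src", pkt["src"]) != pkt["src"]:
                continue
            if rule.get("mark", mark) != mark:   # -m mark --mark N
                continue
            hits.append(hook)
            if rule["target"] == "MARK":
                mark = rule["set_mark"]
            elif rule["target"] == "MASQUERADE":
                natted = True
    return {"mark": mark, "natted": natted, "hits": hits}


MASQ = {"hook": "nat/POSTROUTING", "mark": 50, "target": "MASQUERADE"}
MARK_INPUT = {"hook": "mangle/INPUT", "proto": "tcp", "src": SERVER_B,
              "target": "MARK", "set_mark": 50}
posted = [MARK_INPUT, MASQ]
# Assumed variant (not from the message): same match, marked before routing.
variant = [dict(MARK_INPUT, hook="mangle/PREROUTING"), MASQ]

to_a = {"src": SERVER_B, "dst": SERVER_A, "proto": "tcp"}
to_remote = {"src": SERVER_B, "dst": REMOTE, "proto": "tcp"}

if __name__ == "__main__":
    for name, rules in (("posted", posted), ("variant", variant)):
        for label, pkt in (("B->A", to_a), ("B->remote", to_remote)):
            print(name, label, traverse(pkt, rules))
```

The model covers only the hook order and mark matching; whether the masqueraded source address then matches the tunnel's IPsec policy depends on the connection definition on A.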

