[Openswan Users] Routing problems

Paul Wouters paul at xelerance.com
Sat Feb 10 14:13:39 EST 2007


On Sat, 10 Feb 2007, berton at lafarmaceutica.it wrote:

> I've correctly set up 2 different VPNs and now I'm trying to
> set up IPTABLES so that all packets coming from the LAN are NATed
> by this box, except the packets destined for the 2 VPNs
>
> the iptables command I'm using is this:
>
> iptables -t nat -A POSTROUTING -s ${LAN_IP} -d ! 10.10.10.0/24 -j SNAT --to $MY_PUBBLIC_IP_ADDRESS
>
> where 10.10.10.0/24 is the range of the LAN on the other
> side of the first VPN
>
> If I insert only this line all works... The Fedora Box
> correctly NATs all the packets except the ones destined for
> the 10.10.10.0/24 LAN that uses the VPN
>
> Now when I try to insert a new line for the second VPN
>
> iptables -t nat -A POSTROUTING -s ${LAN_IP} -d ! 10.10.20.0/24 -j SNAT --to $MY_PUBBLIC_IP_ADDRESS
>
> nothing goes.. Everything is NATed because the 2 instructions
> are one over the other

iptables -t nat -A POSTROUTING -s ${LAN_IP} -d 10.10.10.0/24 -j RETURN
iptables -t nat -A POSTROUTING -s ${LAN_IP} -d 10.10.20.0/24 -j RETURN
iptables -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to $MY_PUBBLIC_IP_ADDRESS

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
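
Added example, not part of the original thread: a small Python model of first-match evaluation in the nat POSTROUTING chain, comparing the two negated SNAT rules from the question with the RETURN-then-SNAT ordering from the reply. The LAN range and test addresses are constructed sample values, and the chain policy is assumed to be ACCEPT (so RETURN leaves the packet untranslated).

```python
import ipaddress

LAN = "192.168.1.0/24"  # constructed stand-in for ${LAN_IP}

def rule(src, dst, target, negate_dst=False):
    """One POSTROUTING rule; dst=None means no -d match at all."""
    return {
        "src": ipaddress.ip_network(src),
        "dst": ipaddress.ip_network(dst) if dst else None,
        "negate_dst": negate_dst,
        "target": target,
    }

def matches(r, src, dst):
    if ipaddress.ip_address(src) not in r["src"]:
        return False
    if r["dst"] is None:
        return True
    in_dst = ipaddress.ip_address(dst) in r["dst"]
    return in_dst != r["negate_dst"]  # "-d ! net" inverts the match

def is_natted(chain, src, dst):
    """Rules are tried in order; the first match decides the packet's fate."""
    for r in chain:
        if matches(r, src, dst):
            return r["target"] == "SNAT"  # RETURN -> policy ACCEPT, no NAT
    return False  # no rule matched: policy ACCEPT, no NAT

# The question's rules: each negated rule SNATs the *other* VPN's traffic.
QUESTION = [
    rule(LAN, "10.10.10.0/24", "SNAT", negate_dst=True),
    rule(LAN, "10.10.20.0/24", "SNAT", negate_dst=True),
]
# The reply's rules: exempt both VPN subnets first, then SNAT the rest.
REPLY = [
    rule(LAN, "10.10.10.0/24", "RETURN"),
    rule(LAN, "10.10.20.0/24", "RETURN"),
    rule(LAN, None, "SNAT"),
]

if __name__ == "__main__":
    host = "192.168.1.50"  # constructed LAN host
    for dst in ("10.10.10.5", "10.10.20.5", "198.51.100.7"):
        print(dst, "question:", is_natted(QUESTION, host, dst),
              "reply:", is_natted(REPLY, host, dst))
```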

