[Openswan Users] Routing problems

berton at lafarmaceutica.it berton at lafarmaceutica.it
Sun Feb 11 09:59:56 EST 2007


Hi Paul,
I've tried your suggestion, but the command finishing with
"-j" is not accepted.
It gives me back:

"iptables v1.3.5: Unknown arg '-j'"

Valentino



----- Original Message -----
From: Paul Wouters <paul at xelerance.com>
To: "berton at lafarmaceutica.it" <berton at lafarmaceutica.it>
Cc: users at openswan.org
Subject: Re: [Openswan Users] Routing problems
Date: Sat, 10 Feb 2007 20:13:39 +0100 (CET)

> On Sat, 10 Feb 2007, berton at lafarmaceutica.it wrote:
> 
> > I've setup correctly 2 different VPN and now I'm trying
> > to setup IPTABLES to make all packets coming from LAN to
> > be NAT from this box except than the packet destined
> > to the 2 VPN
> >
> > the iptable command I'm using is this:
> >
> > iptables -t nat -A POSTROUTING -s ${LAN_IP} -d ! 10.10.10.0/24 -j SNAT --to $MY_PUBBLIC_IP_ADDRESS
> >
> > where 10.10.10.0/24 is the range of the LAN on the other
> > side of the first VPN
> >
> > If I insert only this line all works... The Fedora Box
> > correctly NAT all the packets except the ones destined
> > to the 10.10.10.0/24 LAN that uses the VPN
> >
> > Now when I try to insert a new line for the second VPN
> >
> > iptables -t nat -A POSTROUTING -s ${LAN_IP} -d ! 10.10.20.0/24 -j SNAT --to $MY_PUBBLIC_IP_ADDRESS
> >
> > nothing goes.. Everything is NAT because the 2
> > instructions are one over the other
> 
> iptables -t nat -A POSTROUTING -s ${LAN_IP} -d 10.10.10.0/24 -j RETURN
> iptables -t nat -A POSTROUTING -s ${LAN_IP} -d 10.10.20.0/24 -j RETURN
> iptables -t nat -A POSTROUTING -s ${LAN_IP} -j SNAT --to $MY_PUBBLIC_IP_ADDRESS
> 
> Paul
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
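
The following is an added example, not part of the thread or of Openswan: a small Python model of first-match traversal in the nat POSTROUTING chain, comparing the two negated SNAT rules from the question with the RETURN-then-SNAT ordering from the reply. The LAN range, public address and host addresses are constructed placeholders, and the chain policy is assumed to be the default ACCEPT.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
LAN = "192.168.1.0/24"   # stands in for ${LAN_IP}
PUBLIC = "203.0.113.1"   # stands in for $MY_PUBBLIC_IP_ADDRESS

def rule(dst, target, negate=False):
    """One simplified POSTROUTING rule: -s LAN -d [!] dst -j target."""
    net = ipaddress.ip_network(dst) if dst else None
    return {"dst": net, "negate": negate, "target": target}

def traverse(rules, src, dst):
    """The first matching rule decides. RETURN in a built-in chain hands the
    packet to the chain policy (assumed ACCEPT here, so no NAT is applied)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in ipaddress.ip_network(LAN):
        return "ACCEPT"
    for r in rules:
        hit = True if r["dst"] is None else (d in r["dst"]) != r["negate"]
        if hit:
            return "ACCEPT" if r["target"] == "RETURN" else r["target"]
    return "ACCEPT"

# The two appended "-d ! subnet -j SNAT" rules from the original question.
NEGATED = [rule("10.10.10.0/24", "SNAT", negate=True),
           rule("10.10.20.0/24", "SNAT", negate=True)]

# The ordering from the reply: exempt each VPN subnet, then SNAT the rest.
RETURN_FIRST = [rule("10.10.10.0/24", "RETURN"),
                rule("10.10.20.0/24", "RETURN"),
                rule(None, "SNAT")]

def verdicts(rules):
    """Verdict for one LAN host sending to each VPN subnet and to the Internet."""
    host = "192.168.1.50"  # constructed LAN host
    return {dst: traverse(rules, host, dst)
            for dst in ("10.10.10.5", "10.10.20.5", "198.51.100.7")}

if __name__ == "__main__":
    for name, rs in (("negated", NEGATED), ("return-first", RETURN_FIRST)):
        print(name, verdicts(rs))
```

With the negated pair, a packet for 10.10.10.5 skips the first rule but matches the second ("not 10.10.20.0/24"), so every destination ends up translated; with the RETURN rules first, only non-VPN traffic reaches the SNAT rule.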

