[Openswan Users] Is this feasable?

Patrick Ford fenderdood at gmail.com
Tue Feb 27 14:34:51 EST 2007


I think we will need a little more information to tell you definitively...
But I think your iptables rules for NAT will have to be generalized; then,
before that, you will need to put rules to not NAT your IPsec connections.
If you are using KLIPS, your ipsecx interface will be immune from rules that
you have set up on eth/ath interfaces.

On 27/02/07, Steve McKnelly <thoth1890 at gmail.com> wrote:
>
> Hi all,
>
> I'm working on hardening some connections on a wireless router I
> built.  Specifically, I'd like to have the wireless side use IPSec to
> communicate with the router.  Here's my setup:
>
> ath0 - Wireless Ethernet (Internal Net)
> eth0 - Wire Ethernet (Internal Net)
> eth1 - Wire Ethernet (External Net)
>
> I use iptables to masq ath0/eth0 to eth1.
>
> I read the tutorial, and it mentions adding a line to iptables to
> prevent IPSec packets from escaping the box.  Maybe I'm misreading
> this, but if I did that, wouldn't that prevent data at ath0 from being
> forwarded to the outside connection at eth1?
>
> Thanks,
> Steve



-- 
Computers are incredibly fast, accurate, and stupid; humans are incredibly
slow, inaccurate and brilliant; together they are powerful beyond
imagination.
     -- Albert Einstein
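
The ordering described in the reply above (no-NAT rules for IPsec placed before the general NAT rules) can be checked mechanically. This is an added example, not part of the original thread or of Openswan: the function names, both sample rulesets, and the `-m policy --pol ipsec` exemption form (which assumes the NETKEY stack rather than KLIPS) are assumptions; only the interface name eth1 comes from the thread.

```shell
#!/bin/sh
# check_nat_order MATCH reads `iptables-save -t nat` output on stdin.
# It returns 1 when POSTROUTING reaches a MASQUERADE/SNAT rule without an
# earlier ACCEPT/RETURN rule containing MATCH; otherwise it returns 0.
check_nat_order() {
    awk -v pat="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            n++; target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (!exempt && index($0, pat) && (target == "ACCEPT" || target == "RETURN")) exempt = n
            if (!nat && (target == "MASQUERADE" || target == "SNAT")) nat = n
        }
        END {
            if (!nat) { print "no NAT rule in POSTROUTING"; exit 0 }
            if (exempt && exempt < nat) { print "ok: exemption is rule " exempt ", NAT is rule " nat; exit 0 }
            print "FAIL: NAT rule " nat " is not preceded by an exemption matching: " pat
            exit 1
        }'
}

# Constructed sample: exemption first, then the general masquerade rule.
good_rules() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: same rules in the wrong order, so the exemption never fires.
bad_rules() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}

good_rules | check_nat_order "--pol ipsec"
bad_rules  | check_nat_order "--pol ipsec" || true
```

On a live router the input would be `iptables-save -t nat` piped into `check_nat_order`, with MATCH set to whatever text identifies the exemption rule actually in use.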