[Openswan Users] SNAT before IPSEC, confirming versions

Oliver Schulze L. oliver at samera.com.py
Thu Jul 12 09:55:20 EDT 2007

I have been reading about doing SNAT before IPSEC in the same box
where an IPSEC tunnel is running.

I wanted to confirm the versions of the programs that work in this

Network: -> PUBLIC_IP1 -> Internet PUBLIC_IP2 ->

- the tunnel is between PUBLIC_IP1 and PUBLIC_IP2
- the ping from PUBLIC_IP1 to PUBLIC_IP2 works
- the ping from to PUBLIC_IP2 does not work

- RHEL4.5 (Centos 4.5)
- kernel 2.6.9-55.0.2.ELsmp
- iptables v1.2.11

- iptables does not have the -m policy option
- I want to SNAT all packets going to PUBLIC_IP2, with:
  iptables -t nat -A POSTROUTING -s -d PUBLIC_IP2 -j SNAT --to-source PUBLIC_IP1

As I see it, I need these versions:
- kernel >= 2.6.16
- iptables >= 1.3.5

My options?
- upgrade kernel + iptables?

Many thanks!

Oliver Schulze L.   | http://tinymailto.com/oliver  
Asuncion - Paraguay | http://www.solojuegos.mobi    
