[Openswan Users] SNAT before IPSEC, confirming versions
Oliver Schulze L.
oliver at samera.com.py
Thu Jul 12 09:55:20 EDT 2007
Hi,
I have been reading about doing SNAT before IPSEC in the same box
where an IPSEC tunnel is running.
I wanted to confirm the versions of the programs that work in this
scenario.
Network:
192.168.1.1 -> PUBLIC_IP1 -> Internet PUBLIC_IP2 -> 192.168.2.1
IPSEC:
- the tunnel is between PUBLIC_IP1 and PUBLIC_IP2
- the ping from PUBLIC_IP1 to PUBLIC_IP2 works
- the ping from 192.168.1.1 to PUBLIC_IP2 does not work
Versions:
- RHEL4.5 (Centos 4.5)
- kernel 2.6.9-55.0.2.ELsmp
- iptables v1.2.11
Iptables:
- iptables does not have the -m policy option
- I want to SNAT all packets going to PUBLIC_IP2, with:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d PUBLIC_IP2 -j SNAT --to-source PUBLIC_IP1
As I see it, I need these versions:
- kernel >= 2.6.16
- iptables >= 1.3.5
My options?
- upgrade kernel + iptables?
Many thanks!
Oliver
--
Oliver Schulze L. | http://tinymailto.com/oliver
Asuncion - Paraguay | http://www.solojuegos.mobi
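
A check of a host against the two minimum versions named in the message above, as an added example that is not part of the original post. The function names are hypothetical, and the thresholds are the ones the poster states, not independently confirmed here.

```shell
#!/bin/sh
# Added example, not from the original post. Thresholds are the minimums the
# poster believes are needed: kernel >= 2.6.16 and iptables >= 1.3.5.
NEED_KERNEL=2.6.16
NEED_IPTABLES=1.3.5

# Extract the leading dotted-numeric version from strings such as
# "2.6.9-55.0.2.ELsmp" (uname -r) or "iptables v1.2.11" (iptables -V).
numeric_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' | sed 's/\.$//'
}

# ver_ge HAVE NEED: succeed when HAVE >= NEED, comparing major.minor.patch
# numerically so that 2.6.9 sorts below 2.6.16 (a string compare gets this wrong).
ver_ge() {
    [ -n "$1" ] || return 1        # no version could be parsed: treat as too old
    have="$1.0.0"; need="$2.0.0"   # pad so short versions still have 3 fields
    for i in 1 2 3; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        n=$(printf '%s' "$need" | cut -d. -f"$i")
        if [ "$h" -gt "$n" ]; then return 0; fi
        if [ "$h" -lt "$n" ]; then return 1; fi
    done
    return 0
}

# snat_prereqs_met KERNEL_RELEASE IPTABLES_V_OUTPUT: succeed only if both pass.
snat_prereqs_met() {
    ver_ge "$(numeric_version "$1")" "$NEED_KERNEL" &&
        ver_ge "$(numeric_version "$2")" "$NEED_IPTABLES"
}

# Print one line per component; always returns 0 so it is safe under `set -e`.
report() {
    k=$(numeric_version "$1"); t=$(numeric_version "$2")
    if ver_ge "$k" "$NEED_KERNEL"; then echo "kernel $k: ok"
    else echo "kernel $k: older than $NEED_KERNEL"; fi
    if ver_ge "$t" "$NEED_IPTABLES"; then echo "iptables $t: ok"
    else echo "iptables $t: older than $NEED_IPTABLES"; fi
}

# Defaults are the versions quoted in the post; on a live box pass
# "$(uname -r)" and "$(iptables -V)" as the two arguments instead.
report "${1:-2.6.9-55.0.2.ELsmp}" "${2:-iptables v1.2.11}"
```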