[Openswan Users] Firewall, Routing and Tunneling between public networks

Jai Rangi jprangi at gmail.com
Tue Oct 2 02:56:27 EDT 2007


Hello List,
I am trying to set up a Linux server as a router/firewall and set up SIP
tunneling between two public networks.
My Diagram will be something like this
Internet <-----> Linux Router <--------------> My Internal Network with
Public IPs.
Say My Network IPs are 216.209.14.192/26
I tried this setup.

Internet <----> 216.209.14.197 (ExtIP <- Default Gateway 216.209.14.193
Router -> Internal IP) 216.209.14.198 <------> My Servers connected through
a switch with IPs 216.209.14.199-254 with Default Gateway 216.209.14.198.
This setup did not work.

If I do this
Internet <----> 216.209.14.197 (ExtIP <- Default Gateway 216.209.14.193
Router -> Internal IP) 192.168.1.1 <------> My Servers connected through
a switch with IPs 192.168.1.199-254 with Default Gateway 192.168.1.1.

I can go out through ip forwarding like this...
iptables -P FORWARD DROP
iptables -A FORWARD -s ${HUB_LAN} -j ACCEPT
iptables -A FORWARD -d ${HUB_LAN} -j ACCEPT

These rules do not work with public IPs.

My Other Questions are
1. Can I use racoon for SIP tunneling? Is there any limit on the number of
sessions? I bought a Juniper router and found out that the router supports only
16 channels. I need to support at least 400 SIP channels.
2. I have seen a lot of documentation on setting up Masquerading and IP
Forwarding. I made it work, but that does not solve my purpose. I need to
assign public IPs to my machines behind the router so that the outside world
can access those machines through the router directly.
3. I need to have tunneling with one service provider for network
56.211.34.23/27. For the rest of the world I want the traffic to go through the
router without any modification. I might want to add some firewall rules
later for some specific ports.

I would appreciate it if someone could give me some lead on how I can achieve
this.

Thank you,
JP