[Openswan Users] openswan, alias interface and advanced routing (very long)
Giovani Moda - MR Informática
giovani at mrinformatica.com.br
Wed Oct 24 09:43:56 EDT 2007
Hi there,
I've removed all iptables rules that was marking ipsec traffic and also the table and rules for router3 from my advanced routing. Added the iptables rule as Peter sugested, excluding 189.2.x.y and it _seems_ to be working. I'll monitor it closely to see if the problem won't happen again, since this setup is master in suddenly stoping for no reason.
Peter, thanks for your input. I think it might have solved the problem. So simple hun? Sometimes all we need is a fresh pair of eyes...
Thanks,
Giovani Moda
----- Original Message -----
From: Peter McGill
To: 'Giovani Moda - MR Informática' ; users at openswan.org
Sent: Tuesday, October 23, 2007 5:30 PM
Subject: RE: [Openswan Users] openswan,alias interface and advanced routing (very long)
If I've understood your post correctly you have a public eth0 interface with a 189.2.x.x IP,
and a virtual eth0:0 with a different (similar) IP, which I'll call 189.2.v.v.
Your IPSec traffic using eth0:0 is incorrectly being NATed to 189.2.x.x by your SNAT rule?
(Note: if you have more than one IP in 189.2.x.x range then don't mask both as .x.x!
It's confusing as hell and impossible to determine which routes go where...
If you hide your IPs at least uniquely identify each.)
If that's the case then try this change:
$IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 189.2.v.v -j SNAT --to-source 189.2.x.x
Peter McGill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071024/911f9cca/attachment.html
More information about the Users
mailing list