[Openswan Users] iptables - NAT with openSWAN (how to not nat my vpn subnets)
Shaun Curry
scurry7 at gmail.com
Wed Apr 30 00:29:51 EDT 2008
my main goal (what ever the best way to accomplish it) is to have nat setup
(so my nodes on the lan can access internet) and allow traffic through my
vpn tunnels (when destined for the 5 other subnets).
I have setup a nat (with iptables), and openswan...
with no iptables statements my vpn works great to all subnets on the other
side (10.0.0.0/24, 10.1.0.0/16, etc...). When I setup iptables it tries to
send all traffic out the internet interface. My nat statment is Code:
iptables -t nat -A POSTROUTING -o eth0 -s 10.6.0.0/16 -d 0/0 -j MASQUERADE
(maybe someone can specify a better way - if so please let me know).
Okay so I flush my iptables Code:
iptables -t nat -F
and setup this statment telling it to not nat traffic from 10.6.0.0 going
to 10.0.0.0/24 Code:
iptables -t nat -A POSTROUTING -o eth0 -s 10.6.0.0/16 -d ! 10.0.0.0/24
-j MASQUERADE
works great, until i add an addional subnet Code:
iptables -t nat -A POSTROUTING -o eth0 -s 10.6.0.0/16 -d ! 10.1.0.0/16
-j MASQUERADE
once the two commands are in the nat table then nothing works.
someone please help me!!!
again my main goal (what ever the best way to accomplish it) is to have nat
setup (so my nodes on the lan can access internet) and allow traffic through
my vpn tunnels (when destined for the 5 other subnets).
thanks in advance!
--
Shaun Curry
BS-InformationTechnology
936.718.2175
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080429/36e6b334/attachment.html
More information about the Users
mailing list