[Openswan Users] openswan behind iptables+linux (fwd)
Paul Wouters
paul at xelerance.com
Thu Jul 3 00:15:42 EDT 2008
---------- Forwarded message ----------
Date: Wed, 2 Jul 2008 20:32:15 -0700
From: <wangxh at nercis.ac.cn>
To: <users-owner at openswan.org>
Subject: openswan behind iptables+linux
Hi
My network structure is:

    192.168.20.0/24
          ||
          ||
    192.168.20.1 eth0
    gw openswan A
    111.222.333.444 eth1
          |
          |
    222.333.444.555
    fw nat
    192.168.2.1
          ||
          ||
    192.168.2.2
    gw openswan B
    192.168.5.1
          |||
          |||
    192.168.5.0/24

ipsec.conf on A is:

    left=111.222.333.444
    leftsubnet=192.168.20.0/24
    leftnexthop=222.333.444.555
    leftid=@A
    right=222.333.444.555
    rightsubnet=192.168.5.0/24
    rightnexthop=192.168.2.1
    rightid=@B
    auto=add
    authby=secret

B:

    left=111.222.333.444
    leftsubnet=192.168.20.0/24
    leftnexthop=222.333.444.555
    leftid=@A
    right=192.168.2.2
    rightsubnet=192.168.5.0/24
    rightnexthop=192.168.2.1
    rightid=222.333.444.555
    auto=add
    authby=secret

    iptables -t nat -A PREROUTING -s 111.222.333.444 -p udp --dport 500 -d 222.333.444.555 -j DNAT --to-destination 192.168.2.2:500
    iptables -t nat -A PREROUTING -s 111.222.333.444 -p udp --dport 4500 -d 222.333.444.555 -j DNAT --to-destination 192.168.2.2:4500