[Openswan Users] Problem using NETKEY
Peter McGill
petermcgill at goco.net
Wed Jul 9 13:13:19 EDT 2008
Tiago,
There is a very simple solution for this.
iptables -t nat -A POSTROUTING -s $MY_NET -d 10.0.0.0/8 -j RETURN # or ACCEPT
iptables -t nat -A POSTROUTING -s $MY_NET -d 172.21.0.0/16 -j RETURN # or ACCEPT
iptables -t nat -A POSTROUTING -s $MY_NET -j MASQUERADE
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Tiago Durante
> Sent: July 9, 2008 1:05 PM
> To: users at openswan.org
> Subject: [Openswan Users] Problem using NETKEY
>
> Hi all!
>
> I've been using KLIPS and now I'm having a big problem with NETKEY.
>
> KLIPS has this great feature of creating a "virtual" ethernet card
> for VPNs, which is great when we have a MASQUERADE configuration in the
> firewall.
>
> My problem:
>
> In my firewall I have 2 VPNs established between different networks:
>
> - 10.0.0.0/8
> - 172.21.0.0/16
>
> At the end of my iptables rules I have this:
>
> iptables -t nat -A POSTROUTING -s $MY_NET -d \! 10.0.0.0/8 -j MASQUERADE
> iptables -t nat -A POSTROUTING -s $MY_NET -d \! 172.21.0.0/16 -j MASQUERADE
>
>
> The problem is that it just works for one of the networks; if I comment
> out the first line I can get 172.21.0.0/16 accessible, if I comment out
> the second line access works for 10.0.0.0/8...
>
> How can I solve this!? =(
>
>
>
> Thanks in advance!
>
>
>
> --
> Tiago Durante
>
> ,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
> Perseverance is the hard work you do after you
> get tired of doing the hard work you already did.
> -- Newt Gingrich
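Why the two negated rules cancel each other out while the RETURN rules work, modelled as first-match evaluation of the nat POSTROUTING chain. This is an added example, not part of the original thread; the value used for $MY_NET, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

MY_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed value for $MY_NET

# Each rule: (source net, destination net, destination negated?, target)
ORIGINAL_RULES = [  # the two "-d ! net -j MASQUERADE" rules from the question
    (MY_NET, "10.0.0.0/8", True, "MASQUERADE"),
    (MY_NET, "172.21.0.0/16", True, "MASQUERADE"),
]
REPLY_RULES = [  # the three rules from the reply
    (MY_NET, "10.0.0.0/8", False, "RETURN"),
    (MY_NET, "172.21.0.0/16", False, "RETURN"),
    (MY_NET, "0.0.0.0/0", False, "MASQUERADE"),
]

def nat_verdict(rules, src, dst):
    """Walk the chain top to bottom; the first matching rule decides."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, negate, target in rules:
        if src not in src_net:
            continue
        in_dst_net = dst in ipaddress.ip_network(dst_net)
        if in_dst_net != negate:  # "! net" matches everything outside net
            return target
    return "RETURN"  # fell off the end of the chain: no NAT applied

def verdicts(rules, src, destinations):
    """Map each destination to the target that would handle it."""
    return {dst: nat_verdict(rules, src, dst) for dst in destinations}

# Constructed sample traffic: one host behind each tunnel, one Internet host.
SRC = "192.168.1.10"
DESTS = ["10.1.2.3", "172.21.5.5", "198.51.100.7"]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("reply", REPLY_RULES)):
        print(name)
        for dst, target in verdicts(rules, SRC, DESTS).items():
            print(f"  {SRC} -> {dst}: {target}")
```

With the original pair, a packet for 10.0.0.0/8 skips the first rule but matches the second ("not 172.21.0.0/16"), and the reverse holds for 172.21.0.0/16, so both tunnel destinations end up masqueraded.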