[Openswan Users] multiple subnets ?

Indunil Jayasooriya indunil75 at gmail.com
Fri Jun 27 23:06:06 EDT 2008


>> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d \!
>> 196.4.49.0/24 -j SNAT --to-source 1.2.3.4
>> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d \!
>> 196.4.51.0/24 -j SNAT --to-source 1.2.3.4
>> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d \!
>> 10.10.99.0/24 -j SNAT --to-source 1.2.3.4
>> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d \!
>> 10.10.250.0/24 -j SNAT --to-source 2.2.3.4
>
> These do absolutely nothing; you should remove them.

I removed them. You are great.

Yes, I got the VPN up and running. Now I can ping the 4 networks on the other side.
Thanks very much for it.

The 4 rules below did the job (as you said).

 iptables -t nat -A POSTROUTING -o eth1 -d 196.4.49.0/24 -j ACCEPT
 iptables -t nat -A POSTROUTING -o eth1 -d 196.4.51.0/24 -j ACCEPT
 iptables -t nat -A POSTROUTING -o eth1 -d 10.10.99.0/24 -j ACCEPT
 iptables -t nat -A POSTROUTING -o eth1 -d 10.10.250.0/24 -j ACCEPT


So far, we added a whole network to the ipsec.conf file. Now I want to add
one IP address to rightsubnet in the ipsec.conf file. The IP address is
10.254.6.172/32. I have already added it in this way; please see below:


conn tunnelipsec5
       type=tunnel
       left=1.2.3.4
       leftsubnet=192.168.1.0/24
       right=5.6.7.8
       rightsubnet=10.254.6.172/32
       esp=3des
       authby=secret
       keyexchange=ike
       pfs=no
       auto=start


In addition to that, I added the rule below to the firewall after the other 4 rules.

iptables -t nat -A POSTROUTING -o eth1 -d 10.10.250.0/24 -j ACCEPT

Am I right?

I am currently having the rules below in sysctl.conf. Are they needed?

Please let me know.


 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.all.send_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.default.log_martians = 0
 net.ipv4.conf.default.send_redirects = 0
 net.ipv4.ip_forward = 1
 net.ipv4.conf.default.rp_filter = 0



Peter and Paul, thanks for the help you have given me. You are geniuses.

Hope to hear from you.


Thank you
Indunil Jayasooriya
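The question "Am I right?" above is really about whether every rightsubnet in ipsec.conf is exempted from NAT before the SNAT rule sees it. The script below is an added check written for this thread; it is not the poster's code and not part of Openswan. It parses a constructed ipsec.conf and a constructed iptables-save dump of the nat table (both modelled on the configs quoted in the mail), simulates iptables first-match on the destination only (it assumes the -o and -s matches already fit, and that the SNAT or MASQUERADE rule lives in nat POSTROUTING), and reports any conn whose rightsubnet traffic would still be SNATed. Function names and sample data are constructed for the example.

```python
import ipaddress
import re

# Constructed sample ipsec.conf modelled on the post (not the poster's real file).
IPSEC_CONF = """\
conn tunnelipsec4
       leftsubnet=192.168.1.0/24
       rightsubnet=10.10.250.0/24
       auto=start

conn tunnelipsec5
       type=tunnel
       left=1.2.3.4
       leftsubnet=192.168.1.0/24
       right=5.6.7.8
       rightsubnet=10.254.6.172/32
       esp=3des
       authby=secret
       keyexchange=ike
       pfs=no
       auto=start
"""

# Constructed nat table in iptables-save format: the four exemptions from the post,
# the duplicated 10.10.250.0/24 line, and a trailing SNAT rule for everything else.
NAT_TABLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -d 196.4.49.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -d 196.4.51.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -d 10.10.99.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -d 10.10.250.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -d 10.10.250.0/24 -j ACCEPT
-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 1.2.3.4
COMMIT
"""


def parse_rightsubnets(conf):
    """Map each conn name to its rightsubnet as an ip_network."""
    subnets, name = {}, None
    for line in conf.splitlines():
        m = re.match(r'^conn\s+(\S+)', line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r'^\s*rightsubnet\s*=\s*(\S+)', line)
        if m and name:
            subnets[name] = ipaddress.ip_network(m.group(1), strict=False)
    return subnets


def parse_postrouting(nat):
    """Return nat POSTROUTING rules in order as (negated, dest_network_or_None, target)."""
    rules = []
    for line in nat.splitlines():
        if not line.startswith('-A POSTROUTING'):
            continue
        target = re.search(r'-j\s+(\S+)', line).group(1)
        d = re.search(r'(!\s+)?-d\s+(\S+)', line)
        dest = ipaddress.ip_network(d.group(2), strict=False) if d else None
        rules.append((bool(d and d.group(1)), dest, target))
    return rules


def first_target(rules, net):
    """First-match on the destination only; -o and -s are assumed to match."""
    for negated, dest, target in rules:
        if dest is None:
            return target
        hit = (not net.overlaps(dest)) if negated else net.subnet_of(dest)
        if hit:
            return target
    return None  # fell through to the chain policy: no NAT applied


def subnets_still_natted(conf, nat):
    """Names of conns whose rightsubnet traffic would still be SNATed (not exempted)."""
    rules = parse_postrouting(nat)
    return sorted(name for name, net in parse_rightsubnets(conf).items()
                  if first_target(rules, net) in ('SNAT', 'MASQUERADE'))


def exemption_rule(net, iface='eth1'):
    """Command that exempts net from NAT; -I places it ahead of an existing SNAT rule."""
    return f'iptables -t nat -I POSTROUTING -o {iface} -d {net} -j ACCEPT'


if __name__ == '__main__':
    subnets = parse_rightsubnets(IPSEC_CONF)
    for name in subnets_still_natted(IPSEC_CONF, NAT_TABLE):
        print(f'{name}: {subnets[name]} is still NATed; add: {exemption_rule(subnets[name])}')
```

Run against the sample data it flags tunnelipsec5, because the extra rule quoted in the mail repeats 10.10.250.0/24 rather than exempting 10.254.6.172/32. The check also makes the ordering caveat visible: appending the missing exemption with -A after the SNAT rule changes nothing, since the SNAT rule matches first, whereas inserting it with -I (or appending it before the SNAT rule is loaded) does. It likewise confirms the earlier reply about the "! -d" SNAT rules: a negated destination match still SNATs any subnet not listed in it.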

