[Openswan Users] Fedora 8 and Netscreen [SOLVED]

Michael Lavallee mlavalle at hotmail.com
Thu May 8 17:31:01 EDT 2008


Peter McGill wrote:
> This is undoing what leftsourceip does, making it ineffective.
> You fix it by exempting your ipsec traffic from the MASQing.
> In your firewall script you should have a rule similar to...
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> Insert the following rule before that existing rule.
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.3.1/32 -d 192.127.220.100/32 -j ACCEPT
> This will exempt your vpn traffic from the MASQ rule, which you should always do.
>   

That worked.  Thank you very much for your help!
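
Added example (not part of the original thread): a shell check of the rule order Peter describes, run over the output of `iptables -t nat -S POSTROUTING`. Because `-A` appends to the end of a chain, an exemption added to a live ruleset can land after the MASQUERADE rule; the function name `check_nat_exempt` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# check_nat_exempt IFACE SRC DST  (reads `iptables -t nat -S POSTROUTING` on stdin)
# Exit 0: ACCEPT exemption for SRC->DST on IFACE precedes any MASQUERADE on IFACE
# Exit 1: a MASQUERADE rule on IFACE is reached first (exemption late or missing)
# Exit 2: neither rule found for IFACE
# Conservative: any MASQUERADE on IFACE counts, whatever its -s/-d match.
check_nat_exempt() {
    awk -v iface="$1" -v src="$2" -v dst="$3" '
    $1 != "-A" || $2 != "POSTROUTING" { next }
    {
        o = s = d = j = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-o") o = $(i + 1)
            else if ($i == "-s") s = $(i + 1)
            else if ($i == "-d") d = $(i + 1)
            else if ($i == "-j") j = $(i + 1)
        }
        if (o != iface) next
        if (j == "ACCEPT" && s == src && d == dst) { found = 1; exit }
        if (j == "MASQUERADE") { masq = 1; exit }
    }
    END { if (found) exit 0; if (masq) exit 1; exit 2 }'
}

# Constructed listing: exemption placed before the MASQUERADE rule.
sample_exempt_first() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.3.1/32 -d 192.127.220.100/32 -o ppp0 -j ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
EOF
}

# Constructed listing: exemption appended after MASQUERADE, so it never matches.
sample_masq_first() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.3.1/32 -d 192.127.220.100/32 -o ppp0 -j ACCEPT
EOF
}

sample_exempt_first | check_nat_exempt ppp0 192.168.3.1/32 192.127.220.100/32
echo "exemption first: exit $?"
sample_masq_first | check_nat_exempt ppp0 192.168.3.1/32 192.127.220.100/32
echo "masquerade first: exit $?"
```

On a gateway, feed it the live chain: `iptables -t nat -S POSTROUTING | check_nat_exempt ppp0 192.168.3.1/32 192.127.220.100/32`.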


