[Openswan Users] Fedora 8 and Netscreen [SOLVED]

Michael Lavallee mlavalle at hotmail.com
Thu May 8 17:31:01 EDT 2008

Peter McGill wrote:
> This is undoing what leftsourceip does, making it ineffective.
> You fix it by exempting your ipsec traffic from the MASQing.
> In your firewall script you should have a rule similar too...
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> Insert the following rule before that existing rule.
> iptables -t nat -A POSTROUTING -o ppp0 -s -d -j ACCEPT
> This will exempt your vpn traffic from the MASQ rule, which you should always do.

That worked.  Thank you very much for your help!

More information about the Users mailing list