[Openswan Users] question about road-warrior setup with a natted gateway

Paul Wouters paul at xelerance.com
Fri Jun 26 15:30:25 EDT 2009

On Fri, 26 Jun 2009, Freeman Wang wrote:

> In order to do something like this
>  # iptables -t nat -A POSTROUTING -o eth0 -s -j MASQUERADE
> change it to something like:
>  # iptables -t nat -A POSTROUTING -o eth0 -s -d ! -j MASQUERADE
> It seems I need to know the IP address of the road-warrior to exclude it
> from being masqueraded.

You should not need that. I am not sure I understand why you think you
need to? If your roadwarrior has a subnet behind it that needs to connect
to a remote ipsec gateway, then it should just not NAT/MASQ anything with
source address from within that subnet.
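
A way to check offline whether a POSTROUTING rule set would masquerade tunnel-bound traffic, as an added example that is not part of the original thread. The subnets 10.0.1.0/24 (local) and 10.0.2.0/24 (remote) and all rule lines are constructed; the checker reads only `-s`, `-d` and `-j`, and assumes the packet leaves via the interface the rule names.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Extract -s, -d (with optional '!' negation) and -j from one rule line."""
    tok = shlex.split(line)
    rule = {"src": None, "dst": None, "target": None}
    negate, i = False, 0
    while i < len(tok):
        t = tok[i]
        if t == "!":                      # modern form: "! -d net"
            negate = True
        elif t in ("-s", "-d"):
            if tok[i + 1] == "!":         # older form: "-d ! net"
                negate = True
                i += 1
            net = ipaddress.ip_network(tok[i + 1], strict=False)
            rule["src" if t == "-s" else "dst"] = (net, negate)
            negate = False
            i += 1
        else:
            negate = False                # a '!' before any other option is ignored
            if t == "-j":
                rule["target"] = tok[i + 1]
                i += 1
        i += 1
    return rule

def hit(field, addr):
    """True if addr satisfies a (network, negated) match; an absent match always hits."""
    if field is None:
        return True
    net, negated = field
    return (addr in net) != negated

def verdict(rules, src, dst):
    """First-match semantics: target of the first matching rule, else chain policy ACCEPT."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in map(parse_rule, rules):
        if hit(r["src"], s) and hit(r["dst"], d):
            return r["target"]
    return "ACCEPT"

# Constructed rule sets (placeholder subnets, not taken from the thread).
BROAD = ["-A POSTROUTING -o eth0 -s 10.0.1.0/24 -j MASQUERADE"]
EXEMPT_NEW = ["-A POSTROUTING -o eth0 -s 10.0.1.0/24 ! -d 10.0.2.0/24 -j MASQUERADE"]
EXEMPT_OLD = ["-A POSTROUTING -o eth0 -s 10.0.1.0/24 -d ! 10.0.2.0/24 -j MASQUERADE"]
ORDERED = ["-A POSTROUTING -s 10.0.1.0/24 -d 10.0.2.0/24 -j ACCEPT"] + BROAD
```

A `MASQUERADE` verdict for a local-to-remote subnet pair means that traffic would be source-rewritten instead of keeping the address the tunnel was negotiated for.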
