[Openswan Users] question about road-warrior setup with a natted gateway
Paul Wouters
paul at xelerance.com
Fri Jun 26 15:30:25 EDT 2009
On Fri, 26 Jun 2009, Freeman Wang wrote:
> In order to do something like this
>
> # iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
>
> change it to something like:
>
> # iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -d ! 172.16.0.0/24 -j MASQUERADE
>
> It seems I need to know the IP address of the road-warrior to exclude it
> from being masqueraded.

You should not need that. I am not sure I understand why you think you
need to? If your roadwarrior has a subnet behind it that needs to connect
to a remote IPsec gateway, then it should just not NAT/MASQ anything with
source address from within that subnet.

Paul
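
Added example, not part of either message in this thread: a shell check that reads rules in `iptables-save` format and reports POSTROUTING MASQUERADE/SNAT rules that rewrite traffic from a protected subnet without a destination exclusion like the one in the quoted rule. The function name `unexempted_nat`, the sample ruleset and the 192.168.5.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NAT rules for source NAT that would also rewrite
# traffic from the protected subnet that is meant to enter the tunnel.

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 ! -d 172.16.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 -o eth0 -j MASQUERADE
COMMIT'

# unexempted_nat SUBNET
# Reads rules on stdin and prints every POSTROUTING MASQUERADE/SNAT rule
# that matches "-s SUBNET" and has no negated destination match.
unexempted_nat() {
    subnet=$1
    while IFS= read -r rule; do
        # Only rules appended to POSTROUTING are of interest.
        case $rule in
            "-A POSTROUTING "*) ;;
            *) continue ;;
        esac
        # Pad with spaces so each option is matched as a whole word.
        case " $rule " in
            *" -j MASQUERADE "*|*" -j SNAT "*) ;;
            *) continue ;;
        esac
        # A negated source match does not select the subnet; skip it.
        case " $rule " in
            *" ! -s $subnet "*) continue ;;
            *" -s $subnet "*) ;;
            *) continue ;;
        esac
        # Accept both negation spellings: "! -d X" and the older "-d ! X".
        case " $rule " in
            *" ! -d "*|*" -d ! "*) continue ;;
        esac
        printf '%s\n' "$rule"
    done
}

# Report rules in the sample that would NAT traffic from 10.0.0.0/24.
printf '%s\n' "$SAMPLE_RULES" | unexempted_nat 10.0.0.0/24
```

On a live gateway the same function can be fed from `iptables-save -t nat`.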