[Openswan Users] Source NATTING IPSEC traffic
Duane Mulder
duanemulder at rattyshack.ca
Fri Aug 20 12:02:34 EDT 2010
Hello All
So I am looking to change the source IP address of traffic that is
destined to go through an IPSEC tunnel.
10.41.0.0 -------[IPSECA]===================[IPSEC_B]------10.68.0.0
What I need to do is SNAT the 10.42.0.0 hosts to a single IP address ie
10.52.1.1
This means that hosts on the 10.68.0.0 [IPSEC_B] side see traffic coming
from 10.52.1.1 only and not from any 10.41.0.0 address range on the
IPSEC_A side. I understand this also means that hosts from IPSEC_B
Is this something that can be added into /etc/ipsec.conf or do I need to
do some trickery with iptables. Something like
iptables -t nat -A prerouting -d 10.68.0.0/24 -j NETMAP to 10.52.1.1
Running on Kernel 2.6.24 Ubuntu Hardy.
regards,
Duane
More information about the Users
mailing list