Hi Darren,

I am running into a problem with ipnat on Linux when using GRE over IPsec. I have GRE tunnels which use non-routable address endpoints, which are tunneled over IPsec, to run OSPF.

My normal ipnat config looks like this on FreeBSD, which works but doesn't on Linux:

map eth1 from 10.254.1.0/24 to any port=21 -> 10.0.133.102/32 proxy port 21 ftp/tcp
map eth1 from 10.254.1.0/24 to any -> 10.0.133.102/32 portmap tcp/udp 40000:60000
map eth1 from 10.254.1.0/24 to any -> 10.0.133.102/32

The problem is that in Linux the ESP encapsulation happens last, so anything going across the GREs is being NATted.

What I need is to be able to specify instead of "any" only routable address ranges. Maybe something like:
map eth1 from 10.254.1.0/24 to range 0.0.0.1 - 9.255.255.255 -> 10.0.133.102/32

Or am I missing something and there is already a way to do this?

BTW, if I remove the "map eth1 from 10.254.1.0/24 to any -> 10.0.133.102/32" rule then my GREs work, but I can't ping the internet because the ICMP is not mapped.

Thanks for any advice,
Steve
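Added example (not from this thread or from ipnat itself): the question above boils down to "translate only destinations outside the non-routable ranges". This script computes the CIDR blocks that make up the complement of a list of non-routable networks and expands one "to any" map rule into one rule per block, using the ordinary ipnat "to <net>/<mask>" destination form. The exclusion list (RFC 1918 plus the usual special-use blocks) is an assumption for the example; adjust it to the address ranges the tunnel endpoints actually use.

```python
import ipaddress

# Destination ranges that must NOT be translated, so GRE/OSPF traffic between
# the private tunnel endpoints passes untouched. Assumed list for this example:
# RFC 1918 plus the common special-use blocks (all mutually disjoint).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def routable_blocks(excluded=NON_ROUTABLE):
    """Return the CIDR blocks covering everything in 0.0.0.0/0 that is not
    inside one of the excluded networks, i.e. the 'to' ranges that replace
    'to any' so only Internet-bound traffic gets translated."""
    blocks = [ipaddress.ip_network("0.0.0.0/0")]
    for bad in excluded:
        remaining = []
        for blk in blocks:
            if bad.subnet_of(blk):
                # Carve the excluded network out of this block (yields nothing
                # when bad == blk, which drops the block entirely).
                remaining.extend(blk.address_exclude(bad))
            elif not blk.subnet_of(bad):
                # Disjoint from the excluded network: keep as is.
                remaining.append(blk)
        blocks = remaining
    # Merge adjacent blocks so the generated rule list stays short.
    return list(ipaddress.collapse_addresses(blocks))


def covers(blocks, addr):
    """True if addr falls inside one of the blocks (i.e. would be NATted)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in blk for blk in blocks)


def ipnat_rules(iface, src, target, blocks):
    """Expand one 'map ... to any -> target' rule into one rule per block."""
    return [f"map {iface} from {src} to {blk.with_prefixlen} -> {target}"
            for blk in blocks]


if __name__ == "__main__":
    blocks = routable_blocks()
    for rule in ipnat_rules("eth1", "10.254.1.0/24", "10.0.133.102/32", blocks):
        print(rule)
```

The portmap and ftp proxy rules from the original config can be expanded the same way by passing their trailing options through the target string.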
