Could you (or someone else on the list) just tell me how this can be
done with netfilter? I could not find a way to do it. I am on kernel
2.6.16-14 now. The problem, again:
> Could not conceive a working set-up for an IPSEC VPN made with
> racoon/setkey on which I have one address on my side acting as an SNAT
> router for all traffic from my network to a network segment on the far
> side.
>
> my network --- my gateway ---------------------- remote network
> 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
>
> The VPN starts on the gateway, simply all traffic destined for
> 192.168.0.0/22 should get an SNAT to 10.253.0.2 and go via the tunnel.
> SNAT however is available only in POSTROUTING chain, and no outgoing
> interface really exists with setkey.
> So, the following rule should be implemented on the gateway: "Packets going to
> 192.168.0.0/22 should be SNATed to 10.253.0.2 and go via the tunnel"
George.
_______________________________________________
LARTC mailing list
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc