ESP and NAT only work in the tunneling mode.

Ramin

On Mon, Apr 08, 2002 at 09:40:49AM +0100, Jonathan Hodd wrote:
> Hi,
>
> My iptables firewall isn't NATing ip50 packets, so the vpn firewall at work
> is reporting my internal ip address once I'm authenticated.
> (pre-authentication, I appear as the correct external ip)
>
> I'm not loading any additional modules, and my NAT rules are:
>
> $IPTABLES -t nat -A POSTROUTING -o eth0 -s $INT_IP -j SNAT --to $EXT_IP
> $IPTABLES -t nat -A PREROUTING -i eth0 -d $EXT_IP -j DNAT --to $INT_IP
>
> I have a block of ips, so I'm not masquerading, just doing a 1:1 translation
> for each of my machines to a different external address.
>
> Is the NATing of ip50 packets actually possible?
>
> if yes, what do I need to do/where do I need to look to find out
> if no, how can I keep my vpn client behind the firewall and still use it?
>
> (I'm using mandrake 8.1 with no additional iptables patches; I'm sorry I
> can't remember the version of iptables that is supplied with 8.1.)
