Hi all,

I'm trying to set up a test VPN connection between two networks using OpenSWAN, with FireHOL to generate my iptables. I'm stuck with this problem: I need to accomplish this command in FireHOL:

    iptables -t nat -A POSTROUTING -o eth0 -d ! 192.0.2.128/29 -j MASQUERADE

I tried the setting:

    router lan2anywhere inface eth1 outface eth0
        masquerade eth0 dst not 192.0.2.128/29
        route all accept

But this resulted in all packets being sent to 192.0.2.128/29 being rejected, because the resulting entries (via iptables -t nat -n -L) are:

    Chain PREROUTING (policy ACCEPT)
    target         prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target         prot opt source               destination
    POSTROUTING.1  all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target         prot opt source               destination

    Chain POSTROUTING.1 (1 references)
    target         prot opt source               destination
    RETURN         all  --  0.0.0.0/0            192.0.2.128/29
    MASQUERADE     all  --  0.0.0.0/0            0.0.0.0/0

The second-to-last line, I think, rejects all traffic to 192.0.2.128/29. I'm looking for the correct setting, if any, to avoid FireHOL putting in the RETURN entry, and the last line should reflect:

    MASQUERADE     all  --  0.0.0.0/0            !192.0.2.128/29

Any help would be greatly appreciated.

---
mike t.

_______________________________________________
tsl-discuss mailing list
http://lists.trustix.org/mailman/listinfo/tsl-discuss
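Added example, not part of the original post or of FireHOL: a small Python model of first-match traversal over the nat listing in the message above, set beside the single negated rule the poster asked for, so the NAT decision per destination can be compared. Assumptions: interface matches are omitted because `iptables -n -L` without `-v` does not list them, the dictionary and function names are hypothetical, and the destination addresses are constructed.

```python
"""Added example: first-match evaluation of the nat POSTROUTING listing above."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
VPN = ip_network("192.0.2.128/29")  # remote subnet from the post

# Rules are (target, destination network, negate-destination-match).
# Interface matches are left out: `iptables -n -L` without -v does not list them.
FIREHOL = {  # the chains as listed in the post
    "POSTROUTING": [("POSTROUTING.1", ANY, False)],
    "POSTROUTING.1": [("RETURN", VPN, False), ("MASQUERADE", ANY, False)],
}
SINGLE_RULE = {  # the one-rule form the poster wanted
    "POSTROUTING": [("MASQUERADE", VPN, True)],
}

def walk(chains, name, dst):
    """Return a terminating target, or None if the chain ends or hits RETURN."""
    for target, net, negate in chains[name]:
        if (dst in net) == negate:
            continue  # rule does not match this packet
        if target == "RETURN":
            return None  # resume in the calling chain
        if target in chains:  # jump to a user-defined chain
            verdict = walk(chains, target, dst)
            if verdict is not None:
                return verdict
            continue  # sub-chain returned, keep going in this chain
        return target
    return None

def nat_decision(chains, dst):
    """Result for one packet; falling off POSTROUTING means policy ACCEPT."""
    return walk(chains, "POSTROUTING", ip_address(dst)) or "ACCEPT (no NAT)"

if __name__ == "__main__":
    # Constructed sample destinations: inside, on the edge of, and outside the /29.
    for dst in ("192.0.2.129", "192.0.2.135", "192.0.2.136", "198.51.100.7"):
        print(dst, nat_decision(FIREHOL, dst), nat_decision(SINGLE_RULE, dst), sep="\t")
```

In this model RETURN only hands the packet back to the calling chain, where the ACCEPT policy applies without NAT; packet filtering in the filter table is outside what it covers.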
