I'm trying to set up a test VPN connection between two networks using OpenSWAN, with FireHol to generate my iptables rules. I'm stuck with this problem: I need to accomplish the following command in FireHol:

iptables -t nat -A POSTROUTING -o eth0 -d ! 192.0.2.128/29 -j MASQUERADE
I tried the setting:
router lan2anywhere inface eth1 outface eth0
masquerade eth0 dst not 192.0.2.128/29
route all accept
But this resulted in all packets sent to 192.0.2.128/29 being rejected, because the resulting entries (via iptables -t nat -n -L) are:

Chain PREROUTING (policy ACCEPT)
target         prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target         prot opt source               destination
POSTROUTING.1  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source               destination

Chain POSTROUTING.1 (1 references)
target         prot opt source               destination
RETURN         all  --  0.0.0.0/0            192.0.2.128/29
MASQUERADE     all  --  0.0.0.0/0            0.0.0.0/0
The second-to-last line, I think, rejects all traffic to 192.0.2.128/29.

If possible, I'm looking for the correct setting to stop FireHol from putting in the RETURN entry, so that the last line instead reads:

MASQUERADE     all  --  0.0.0.0/0            !192.0.2.128/29

Any help would be greatly appreciated.
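To see what the nat table listed in the question actually does to a packet, here is a small model of netfilter chain traversal (an added example, not part of the thread or of FireHol). The two listings are copied from the post above, with the wrapped destination column rejoined; the second is what the single negated MASQUERADE rule Mike asks for would list as. The walker is deliberately simplified: it evaluates only the destination column, since every rule shown matches any source and `-L` does not print the `-o eth0` interface match, and it assumes first match wins, RETURN hands the packet back to the calling chain, and falling off the end of a built-in chain applies that chain's policy. The sample addresses 192.0.2.130 and 198.51.100.7 are constructed test inputs.

```python
import ipaddress
import re

# Constructed sample: the `iptables -t nat -n -L` listing from the post,
# wrapped destination rejoined.
FIREHOL_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
POSTROUTING.1  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING.1 (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            192.0.2.128/29
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
"""

# Constructed sample: the single negated rule the poster wanted instead.
WANTED_LISTING = """\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            !192.0.2.128/29
"""

# Matches both built-in chains ("policy ACCEPT") and user chains ("1 references").
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)$")


def parse_listing(text):
    """Parse `iptables -n -L` output into
    {chain: {"policy": str | None, "rules": [(target, source, destination), ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if line.startswith("target"):  # column header
            continue
        target, _prot, _opt, src, dst = line.split()[:5]
        chains[current]["rules"].append((target, src, dst))
    return chains


def dst_matches(spec, ip):
    """Destination match, honouring the '!' negation prefix iptables prints."""
    negate = spec.startswith("!")
    inside = ip in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate


def _walk(chains, chain, ip):
    """Return a terminating target, or None if the chain is exhausted / RETURNs."""
    for target, _src, dst in chains[chain]["rules"]:
        if not dst_matches(dst, ip):
            continue
        if target == "RETURN":
            return None  # back to the calling chain, continue after the jump
        if target in chains:  # jump into a user-defined chain
            verdict = _walk(chains, target, ip)
            if verdict is not None:
                return verdict
            continue  # sub-chain returned without a verdict; keep going here
        return target  # MASQUERADE, ACCEPT, DROP, ...
    return None


def nat_verdict(chains, dst_ip, chain="POSTROUTING"):
    """Final nat verdict for a packet to dst_ip: a rule target or the chain policy."""
    ip = ipaddress.ip_address(dst_ip)
    return _walk(chains, chain, ip) or chains[chain]["policy"]


if __name__ == "__main__":
    for name, listing in (("FireHol", FIREHOL_LISTING), ("wanted", WANTED_LISTING)):
        table = parse_listing(listing)
        for dst in ("192.0.2.130", "198.51.100.7"):
            print(f"{name:8} -> {dst:14} {nat_verdict(table, dst)}")
```

In this model the RETURN in POSTROUTING.1 sends a packet for 192.0.2.130 back to POSTROUTING, where no further rule matches and the chain policy ACCEPT applies, so the packet leaves un-NATed; a packet for 198.51.100.7 reaches MASQUERADE. The single negated rule yields the same two verdicts, which is the check to run against a real box: compare `iptables -t nat -n -L` verdicts for a tunnel-bound and an Internet-bound destination rather than reading the chain names.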
Hey Mike,

You could just put the iptables command in your firehol.conf.

Don't know if it helps, but I use freeswan on two TSL 2.0 boxes to tunnel all traffic from internal eth0 to external eth1 (which becomes ipsec0) to connect two private LANs over the Internet, with the following settings in firehol.conf:
# IPSEC interface for tunneling
interface ipsec0 tunnel
policy accept
router IPSECsend inface eth0 outface ipsec0
route all accept
router IPSECreturn inface ipsec0 outface eth0
route all accept
--
Ariën Huisken
Xilay Software
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss