Hello Sean,
Please always send your email to the mailing list, too.
The scenario only shows the *filter table of iptables, but NAT rules are in the
*nat table.
You need to look at the source of the scenario in the repository to see all the
rules.It's really not that fancy. The iptables target is described on the man page for `iptables` or `iptables-extensions`. On 26.02.2016 21:42, Sean Courtney wrote: > HI, > > I did look at the example outlined here before posting. > > https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/ > > The example uses NETMAP to translate subnets into new subnets with the > same subnet mask. > > I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do PAT? > > I must be overlooking something so obvious. > > Thanks > > On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <[email protected]> wrote: >> > Hello Sean, >> > >>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT an >>> >> entire subnet with StrongSwan? >> > Handling the traffic is done in the kernel. >> > Use the NETMAP target in iptables and negotiate policies that secure the >> > traffic between >> > your desired subnet and the remote side. >> > >> > -- >> > >> > Mit freundlichen Grüßen/Kind Regards, >> > Noel Kuntze >> > >> > GPG Key ID: 0x63EC6658 >> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> > >> > > > -- Sean Courtney Ph - 410 878 7833 -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
