Hi Noel, I looked at the man for iptables-extensions. i guess i don't want netmap at all...i want snat. Does strongswan support snat?
Thanks, Sean On Fri, Feb 26, 2016 at 3:54 PM, Noel Kuntze <[email protected]> wrote: > Hello Sean, > > Please always send your email to the mailing list, too. > The scenario only shows the *filter table of iptables, but NAT rules are in > the *nat table. > You need to look at the source of the scenario in the repository to see all > the rules. > > It's really not that fancy. The iptables target is described on the man page > for `iptables` or `iptables-extensions`. > > > On 26.02.2016 21:42, Sean Courtney wrote: >> HI, >> >> I did look at the example outlined here before posting. >> >> https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/ >> >> The example uses NETMAP to translate subnets into new subnets with the >> same subnet mask. >> >> I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do PAT? >> >> I must be overlooking something so obvious. >> >> Thanks >> >> On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <[email protected]> wrote: >>> > Hello Sean, >>> > >>>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT an >>>> >> entire subnet with StrongSwan? >>> > Handling the traffic is done in the kernel. >>> > Use the NETMAP target in iptables and negotiate policies that secure the >>> > traffic between >>> > your desired subnet and the remote side. >>> > >>> > -- >>> > >>> > Mit freundlichen Grüßen/Kind Regards, >>> > Noel Kuntze >>> > >>> > GPG Key ID: 0x63EC6658 >>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >>> > >>> > >> >> -- Sean Courtney Ph - 410 878 7833 > > > -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > -- Sean Courtney Ph - 410 878 7833 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
