cool. i have a nasty feeling this is all going to get terribly complicated :)
thanks, Jon -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 09 April 2002 09:36 To: Jonathan Hodd Subject: Re: ip50, NAT, SecuRemote Client you can use iptables to redirect clients through a freeswan tunnel, freeswan is a vpn solution regards ----- Original Message ----- From: "Jonathan Hodd" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 09, 2002 9:57 AM Subject: RE: ip50, NAT, SecuRemote Client > I *think* i know what tunnelling is, but can i do this with iptables? > > Or do i need something like FreeS/WAN instead? > > Regards > > Jon > > >ESP and NAT only work in the tunneling mode. > > > >Ramin > > > > > > > >> Hi, > >> > >> My iptables firewall isn't NATing ip50 packets, so the vpn firewall at > work > >> is reporting my internal ip address once i'm authenticated. > >> (pre-authentication, i appear as the correct external ip) > >> > >> I'm not loading any additional modules, and my NAT rules are: > >> > >> $IPTABLES -t nat -A POSTROUTING -o eth0 -s $INT_IP -j SNAT --to $EXT_IP > >> $IPTABLES -t nat -A PREROUTING -i eth0 -d $EXT_IP -j DNAT --to $INT_IP > >> > >> I have a block of ips, so i'm not masquerading, just doing a 1:1 > translation > >> for each of my machines to a different external address. > >> > >> Is the NATing of ip50 packets actually possible? > >> > >> if yes, what do i need to do/where do i need to look to find out > >> if no, how can i keep my vpn client behind the firewall and still use it? > >> > >> (I'm using mandrake 8.1 with no additional iptables patches; i'm sorry i > >> can't remember the version of iptables that is supplied with 8.1.) >
