I ran into some trouble using a Debian box as an IP Masq gateway (also
running Squid) to a network which uses a VPN box employing IPsec. The
ISP's tech support said that GNU/Linux was incapable of doing NAT properly
with IPsec and that I'd have to kill the NAT and proxy to make things
work.
I
On Sun, Oct 01, 2000 at 12:49:12PM -0400, Randy Edwards wrote:
I ran into some trouble using a Debian box as an IP Masq gateway (also
running Squid) to a network which uses a VPN box employing IPsec. The
ISP's tech support said that GNU/Linux was incapable of doing NAT properly
with IPsec
A long time ago, in a galaxy far, far away, someone said...
I ran into some trouble using a Debian box as an IP Masq gateway (also
running Squid) to a network which uses a VPN box employing IPsec. The
ISP's tech support said that GNU/Linux was
The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
protocols other than TCP and UDP.
Almost true. Using the iproute2 tools, you can do a static NAT of an
inside box to outside. You can then use standard packet filter firewall
rules to block various ports you don't want
A long time ago, in a galaxy far, far away, someone said...
The problem is, as I said before, kernel 2.2 doesn't like to do NAT on IP
protocols other than TCP and UDP.
Almost true. Using the iproute2 tools, you can do a static NAT of an
inside
The ip neigh {add|del|change|replace} ... sequence?
Yeah. Look in /usr/share/doc/iproute and print off one of the cref
(command reference) docs (note the .ps file wants A4 paper)
Problem is that it burns another external IP address.
Um... not good.
Well, yeah. That is the thing with