All,

I have a road warrior configuration, where the road warrior is behind NAT, 
connecting from a Virtual Machine, through to the gateway 10.1.0.2.

In the logs the source IP of traffic to the gateway is the default gateway on 
the public network that hosts the SS GW, 10.1.0.1.

However - I have been firewalling (FORWARD chain) based on Virtual IP pools - 
e.g. to only allow Virtual IP pool 10.4.100.X -> eth2 and 10.5.100.X -> eth3. This 
works fine when using a client that's not behind NAT.

The NATing here is obviously breaking the firewall rules...

What do I need to do on my gateway to be able to get back to being able to 
firewall based on Client Virtual IP?

I have looked into [1] the nat_updown script, but don't really understand the 
mechanics of this or whether it is what I need. For example, what is PH_IP_ALICE?

Regards,

[1] 
http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/nat_updown;h=aab1df687484362b2c16eaf6bd30d05b3590520a;hb=HEAD
Andy Paton - Bsc. (Hons), MBCS
Innovation Engineer

andy.pa...@hp.com

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
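The pool-to-interface scheme described in the post, as an added example that is not part of the original message and not one of strongSwan's own scripts (the referenced nat_updown installs rules per connection; this version is a static ruleset). The interface names eth2 and eth3 and the pool prefixes 10.4.100 and 10.5.100 are taken from the post; treating each pool as a /24 is an assumption, as is the availability of the iptables policy match (xt_policy). The point the rules rely on is that the FORWARD chain sees the decrypted inner packet, whose source is the client's virtual IP, and `-m policy --dir in --pol ipsec` restricts a rule to packets that arrived inside an IPsec SA, independent of the outer (NAT-translated) peer address.

```shell
#!/bin/sh
# Added example, not from the original post or from strongSwan itself.
# FORWARD-chain rules for the layout in the post: virtual IP pool
# 10.4.100.0/24 may only leave via eth2, 10.5.100.0/24 only via eth3
# (/24 is an assumption). The policy match makes each rule apply only to
# packets decrypted from an IPsec SA, so matching keys on the client's
# virtual IP rather than on the NAT device's public address.
# Everything else in FORWARD is dropped.

IPT="${IPT:-iptables}"   # set IPT=echo to print instead of apply

# pool_rules POOL IFACE: print the pair of rules for one pool/interface.
# First rule:  decrypted traffic from the pool, forwarded out of IFACE.
# Second rule: replies entering on IFACE that will be encrypted to the pool.
pool_rules() {
    pool=$1
    iface=$2
    echo "-A FORWARD -s $pool -o $iface -m policy --dir in --pol ipsec --proto esp -j ACCEPT"
    echo "-A FORWARD -d $pool -i $iface -m policy --dir out --pol ipsec --proto esp -j ACCEPT"
}

# build_ruleset: print the complete ruleset, one iptables argument list per line.
build_ruleset() {
    echo "-P FORWARD DROP"
    pool_rules 10.4.100.0/24 eth2
    pool_rules 10.5.100.0/24 eth3
}

# pool_allowed POOL IFACE: succeed if the ruleset lets POOL forward out of IFACE.
# Useful as a self-check before applying, e.g. to confirm 10.4.100.0/24 cannot reach eth3.
pool_allowed() {
    build_ruleset | grep -q -- "-s $1 -o $2 .*-j ACCEPT"
}

# apply_ruleset: feed each line to iptables (needs root; harmless with IPT=echo).
apply_ruleset() {
    build_ruleset | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting into arguments is intended
        $IPT $rule
    done
}
```

Run with `IPT=echo sh thisfile.sh` and call `apply_ruleset` to review the generated rules before applying them for real; `pool_allowed 10.4.100.0/24 eth3` should fail, which is the cross-pool isolation the post is after.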