Re: NAT rule
On Wednesday 2008-07-16 18:12, Michael Crider wrote:
> I am attempting to set up a LAN-to-LAN VPN using ipsec-tools for one
> of our vendors to access a server behind our firewall. However, the
> local IP address of the server (192.168.10.xx) conflicts with a local
> address at the vendor's network. They suggested using NAT to transform
> the server address to 192.168.101.xx and hooking the VPN to the
> 192.168.101.0/24 network. I would like to run the VPN on the same
> machine with the firewall (which uses netfilter 1.3.5-4 on CentOS
> 5.2). We need to be able to initiate a connection from either end of
> the VPN. Could anybody recommend iptables rules that would set up the
> address translation?

iptables -t nat -A POSTROUTING -m policy --dir out --mode tunnel --tunnel-dst <realip of vendor> -j NETMAP --to 192.168.101.0/24

iptables -t nat -A PREROUTING -m policy --dir in --mode tunnel --tunnel-src <realip of vendor> -j NETMAP --to 192.168.10.0/24
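Added example, not part of the original post: a small Python model of the 1:1 translation that the two NETMAP rules above perform, useful for working out which address the vendor must use for a given server and for checking the chosen range against the vendor's networks. The function names and the sample vendor network list are assumptions constructed for illustration.

```python
import ipaddress

REAL_NET = ipaddress.ip_network("192.168.10.0/24")   # server LAN (from the thread)
VPN_NET = ipaddress.ip_network("192.168.101.0/24")   # range exposed to the vendor (from the thread)


def netmap(addr, target):
    """NETMAP-style 1:1 translation: network bits from target, host bits from addr."""
    host_bits = int(ipaddress.ip_address(addr)) & int(target.hostmask)
    return str(ipaddress.ip_address(int(target.network_address) | host_bits))


def as_seen_by_vendor(real_addr):
    """Effect of the POSTROUTING rule on the source of outgoing tunnel traffic."""
    return netmap(real_addr, VPN_NET)


def as_delivered_locally(vpn_addr):
    """Effect of the PREROUTING rule on the destination of incoming tunnel traffic."""
    return netmap(vpn_addr, REAL_NET)


def conflicts(candidate, remote_nets):
    """Return the remote networks that overlap a candidate range."""
    return [n for n in remote_nets if candidate.overlaps(ipaddress.ip_network(n))]


def mapping_is_reversible():
    """Both rules must use equal prefix lengths and round-trip every host."""
    if REAL_NET.prefixlen != VPN_NET.prefixlen:
        return False
    return all(as_delivered_locally(as_seen_by_vendor(str(h))) == str(h)
               for h in REAL_NET.hosts())


if __name__ == "__main__":
    # Constructed sample: networks the vendor already uses internally.
    vendor_nets = ["192.168.10.0/24", "10.20.0.0/16"]
    print("server .25 appears as:", as_seen_by_vendor("192.168.10.25"))
    print("vendor targets .25 ->", as_delivered_locally("192.168.101.25"))
    print("real range conflicts:", conflicts(REAL_NET, vendor_nets))
    print("mapped range conflicts:", conflicts(VPN_NET, vendor_nets))
    print("reversible:", mapping_is_reversible())
```

Because the host part is preserved, every address in the real /24 becomes reachable under the mapped range, so access to anything other than the one intended server has to be limited by separate filter rules.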