2.6 IPSEC and NAT issue

From: Richard A Nelson
Date: Sun Mar 14 2004 - 12:51:47 EST

Next message: Ron Peterson: "Re: network/performance problem"
Previous message: Celso González: "Re: snd-powermac volume setting broken?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

An odd difference betwixt 2.4/Freeswan and 2.6/IPSEC has been driving
me nuts - can anyone help ?

I've got a box on the local lan (192.168.1.0/24) that creates a tunnel
to a VPN server via ipsec.
* On 2.4/Freeswan, lan traffic is eth0 and tunnel is ipsec0
* On 2.6.4/IPSEC, both lan and tunnel is through eth0

I need to be able to NAT lan traffic across the VPN. On 2.4/Freeswan
this was trivial with
iptables -t nat -o eth0 -s 192.168.1.0/24 -j MASQUERADE
and, of course, allowing forwarding betwixt the interfaces

On 2.6/IPSEC, this setup doesn't seem to be working at all (no changes
have been done to the iptables rules) - traffic comming in eth0 is
either not NAT'd (haven't been able to check upstream traffic yet),
but in anycase I see no response to lan traffic that should've gone
out the tunnel
--
Rick Nelson
Life'll kill ya -- Warren Zevon
Then you'll be dead -- Life'll kill ya
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ron Peterson: "Re: network/performance problem"
Previous message: Celso González: "Re: snd-powermac volume setting broken?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]