I'm still learning IPTables but I would suspect that the problem is you
are changing the already authenticated ESP packet with your NAT rule.
If that is true, do not pass the IPSec traffic through the SNAT filter.
The packet will be put on the Internet with the address of the local
tunnel end point and not the generating computer's IP address.
- John

On Sat, 2002-06-01 at 05:52, khaledeshah wrote:
> I have 2 gateways with freeswan vpn, & it worked OK except that I can
> only connect from one subnet to the other but not vice versa.
> I can connect from both sides when I delete one of the iptables SNAT
> commands:
>
> iptables -t nat -A POSTROUTING -d ! 10.0.0.0/24 -j SNAT --to x.x.x.x
>
> What is the problem?
--
John A. Sullivan III
Group Technology Director
Nexus Management
+1 207-985-7880
John.Sullivan_at_nexusmgmt.com
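
An added example, not part of the original messages: a first-match model of the nat POSTROUTING chain, showing that the quoted rule also rewrites the source of traffic bound for the other subnet and that an exemption placed before it leaves that traffic untouched. The remote subnet 10.0.1.0/24, the address 192.0.2.1 standing in for x.x.x.x, and treating 10.0.0.0/24 as this gateway's own subnet are assumptions.

```python
import ipaddress

# Constructed values: the page gives only 10.0.0.0/24 and elides the public
# address as x.x.x.x. Assumed here: 10.0.0.0/24 is this gateway's own subnet.
LOCAL_NET = "10.0.0.0/24"
REMOTE_NET = "10.0.1.0/24"   # assumed subnet behind the other gateway
PUBLIC_IP = "192.0.2.1"      # placeholder standing in for x.x.x.x

# The rule quoted in the thread: SNAT everything not destined to LOCAL_NET.
SNAT_RULE = {"target": "SNAT", "dst": LOCAL_NET, "dst_negated": True, "to": PUBLIC_IP}
# Exemption for tunnel traffic; it must come before the SNAT rule.
EXEMPT_RULE = {"target": "ACCEPT", "src": LOCAL_NET, "dst": REMOTE_NET}

ORIGINAL = [SNAT_RULE]
EXEMPTED = [EXEMPT_RULE, SNAT_RULE]


def matches(rule, src, dst):
    """True if the packet satisfies the rule's -s / -d conditions."""
    if "src" in rule and src not in ipaddress.ip_network(rule["src"]):
        return False
    if "dst" in rule:
        inside = dst in ipaddress.ip_network(rule["dst"])
        if inside == rule.get("dst_negated", False):
            return False
    return True


def postrouting(rules, src, dst):
    """Source address after nat POSTROUTING; the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, s, d):
            return rule["to"] if rule["target"] == "SNAT" else src
    return src  # no rule matched: packet leaves unchanged


def to_iptables(rule):
    """Render a rule as a command in the syntax used in the thread."""
    cmd = "iptables -t nat -A POSTROUTING"
    if "src" in rule:
        cmd += " -s " + rule["src"]
    if "dst" in rule:
        cmd += " -d " + ("! " if rule.get("dst_negated") else "") + rule["dst"]
    cmd += " -j " + rule["target"]
    return cmd + (" --to " + rule["to"] if rule["target"] == "SNAT" else "")


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("exempted", EXEMPTED)):
        print(name, [to_iptables(r) for r in rules])
        print("  to remote subnet:", postrouting(rules, "10.0.0.5", "10.0.1.7"))
        print("  to Internet:     ", postrouting(rules, "10.0.0.5", "198.51.100.9"))
```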