
RE: [Users] Confused newbie needs help.... (long)

From: Aldo S. Lagana (alagana_at_discmail.com)
Date: Tue Jul 02 2002 - 15:52:25 CEST


A simple answer - FreeS/WAN adds a (virtual?) interface and routes for
each tunnel. So when packets are destined for the other side of the
tunnel, Linux routing will choose the tunnel route. If it is destined
to the Internet, Linux routing will choose the default gateway and thus
bypass those ipsec routes.

To make it not NAT the ipsec connections, you use POSTROUTING ACCEPT
(not SNAT or MASQUERADE) rules for the tunnels and your last POSTROUTING
will do the NAT required for Internet connections.

Hope this helped.

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org] On Behalf Of M. Yu
> Sent: Tuesday, July 02, 2002 8:04 AM
> To: users_at_lists.freeswan.org
> Subject: [Users] Confused newbie needs help.... (long)
>
>
>
>
> Hello all,
>
> I'm new to both FreeS/WAN and VPNs in general although I'm
> comfortable working in Linux. I downloaded the RPMs from
> ftp.xs4all.nl which is version 1.98 I believe. I am running RedHat 7.3
> (kernel 2.4.18) with all recent updates. Since there is no 1.98
> documentation, I am referencing the 1.95 HTML docs. What I want to do
> is connect 2 remote offices to our main office via cable modems. Each
> office has 2 depts/network behind the firewall (3 NICs in the fwall). I
> am currently stumped by the section A COMPLICATION: IPSEC VS. NAT.
> Since some of the PCs behind the 2 firewalls must be able to connect to
> the Internet, NAT is performed on cable modem side of the firewall.
> From the docs, doing NAT on the same machine (or should I say
> interface) that has the IPsec tunnel will work. My question is how to
> make it work so that clients on either side of the firewall/IPsec
> gateway see each other (as in be able to PING each other) while still
> remaining hidden (or NATted) when going to the Internet. From the doc,
> it would seem I would have to choose between one or the other. Please
> help.
>
> Thanks in advance!
>
> M. Yu

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

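The reply's advice is really about rule order in the nat POSTROUTING chain: netfilter takes the first matching rule, so the per-tunnel ACCEPT rules must be added before the catch-all MASQUERADE. The following is an added example, not code from the thread or from FreeS/WAN, that models that chain for a gateway with two local departments and two remote tunnel subnets (all addresses, the interface name `eth0` and the public address are constructed assumptions) and shows what happens to the same packets when the order is reversed. It also renders the chain as the iptables commands in the order they would have to be entered.

```python
"""Simulate iptables nat POSTROUTING first-match semantics for an IPsec gateway.

Added example, not code from the mailing-list thread or from FreeS/WAN.
All subnets, the interface name and the public address are constructed.
"""
import ipaddress

# Assumed topology (constructed): two departments behind the main-office
# gateway, two subnets at the far end of the IPsec tunnels.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("192.168.2.0/24")]
REMOTE_TUNNEL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                      ipaddress.ip_network("192.168.20.0/24")]
ANY = ipaddress.ip_network("0.0.0.0/0")
EXT_IFACE = "eth0"              # assumed cable-modem side interface
PUBLIC_IP = "203.0.113.5"       # documentation-range address, constructed


def postrouting_rules(local_nets, remote_nets, correct_order=True):
    """Build an ordered nat POSTROUTING chain of (src_net, dst_net, target).

    correct_order=True follows the reply: one ACCEPT per tunnel pair, then
    MASQUERADE as the last rule.  False models the mistake of adding
    MASQUERADE first, which hides the tunnel traffic behind the public IP.
    """
    accepts = [(s, d, "ACCEPT") for s in local_nets for d in remote_nets]
    masq = [(ANY, ANY, "MASQUERADE")]
    return accepts + masq if correct_order else masq + accepts


def apply_chain(chain, src, dst):
    """Return the source address a packet leaves with.

    First matching rule wins, as in netfilter.  ACCEPT ends traversal and
    leaves the packet untouched; MASQUERADE rewrites the source to PUBLIC_IP.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, target in chain:
        if s in rule_src and d in rule_dst:
            return src if target == "ACCEPT" else PUBLIC_IP
    return src  # default chain policy ACCEPT: no NAT applied


def as_iptables_commands(chain):
    """Render the chain as iptables commands in the order they must be added."""
    cmds = []
    for rule_src, rule_dst, target in chain:
        if target == "MASQUERADE":
            cmds.append(f"iptables -t nat -A POSTROUTING -o {EXT_IFACE} -j MASQUERADE")
        else:
            cmds.append(f"iptables -t nat -A POSTROUTING -s {rule_src} "
                        f"-d {rule_dst} -j ACCEPT")
    return cmds


if __name__ == "__main__":
    good = postrouting_rules(LOCAL_NETS, REMOTE_TUNNEL_NETS)
    bad = postrouting_rules(LOCAL_NETS, REMOTE_TUNNEL_NETS, correct_order=False)
    for label, chain in (("ACCEPT first", good), ("MASQUERADE first", bad)):
        print(f"{label}: tunnel packet leaves as",
              apply_chain(chain, "192.168.1.10", "192.168.10.20"),
              "; Internet packet leaves as",
              apply_chain(chain, "192.168.1.10", "198.51.100.7"))
    print("\n".join(as_iptables_commands(good)))
```

With the ACCEPT rules first, a host in 192.168.1.0/24 reaches the remote 192.168.10.0/24 with its own address intact and the tunnel route carries it, while the same host going to an Internet address is masqueraded. With MASQUERADE first, the tunnel packet is rewritten too, so the remote office only ever sees the gateway's public address, which is the symptom the original question describes.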



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST