
Re: [Users] Confused newbie needs help.... (long)

From: Jarlath Burke (burkejarlath_at_eircom.net)
Date: Tue Jul 02 2002 - 19:20:56 CEST


Hi,
I do something similar but I add a rule in POSTROUTING to ACCEPT
all traffic going *out* ipsec0, which stops packets that are about to be
processed by the IPSec machinery from being masqueraded, or at least
that's my understanding of it anyway.
I had a similar question about that a few days ago, see the message below:

http://listarchive.nextrieve.com/freeswan//200206/msg00827.html

Regards,
Jarlath.

> > -----Original Message-----
> > From: users-admin_at_lists.freeswan.org
> > [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Aldo S. Lagana
> > Sent: 02 July 2002 14:52
> > To: 'M. Yu'; users_at_lists.freeswan.org
> > Subject: RE: [Users] Confused newbie needs help.... (long)
> >
> >
> > A simple answer - FreeS/WAN adds a (virtual?) interface and routes for
> > each tunnel. So when packets are destined for the other side of the
> > tunnel, Linux routing will choose the tunnel route. If it is destined
> > to the Internet, Linux routing will choose the default gateway and thus
> > bypass those ipsec routes.
> >
> > To make it not NAT the ipsec connections, you use POSTROUTING ACCEPT
> > (not SNAT or MASQUERADE) rules for the tunnels and your last POSTROUTING
> > will do the NAT required for Internet connections..
> >
> > Hope this helped..
> >
> >
> > > -----Original Message-----
> > > From: users-admin_at_lists.freeswan.org
> > > [mailto:users-admin_at_lists.freeswan.org] On Behalf Of M. Yu
> > > Sent: Tuesday, July 02, 2002 8:04 AM
> > > To: users_at_lists.freeswan.org
> > > Subject: [Users] Confused newbie needs help.... (long)
> > >
> > >
> > >
> > >
> > > Hello all,
> > >
> > > I'm new to both FreeS/WAN and VPNs in general although I'm
> > > comfortable working in Linux. I downloaded the RPMs from
> > ftp.xs4all.nl which is version 1.98 I believe. I am running RedHat 7.3
> > (kernel 2.4.18) with all recent updates. Since there is no 1.98
> > documentation, I am referencing the 1.95 HTML docs. What I want to do
> > is connect 2 remote offices to our main office via cable modems. Each
> > office has 2 depts/network behind the firewall (3 NICs in the fwall). I
> > am currently stumped by the section A COMPLICATION: IPSEC VS. NAT.
> > Since some of the PCs behind the 2 firewalls must be able to connect to
> > the Internet, NAT is performed on cable modem side of the firewall.
> > From the docs, doing NAT on the same machine (or should I say
> > interface) that has the IPsec tunnel will work. My question is how to
> > make it work so that clients on either side of the firewall/IPsec
> > gateway see each other (as in be able to PING each other) while still
> > remaining hidden (or NATted) when going to the Internet. From the doc,
> > it would seem I would have to choose between one or the other. Please
> > help.
> >
> > Thanks in advance!
> >
> >
> > M. Yu
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
> >
>

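The rule ordering Jarlath and Aldo describe, as an added example that is not part of the original thread: a small Python model of how iptables walks the nat POSTROUTING chain, showing why an ACCEPT rule for packets leaving ipsec0 must sit before the MASQUERADE rule. Only the first pass of the inner (pre-encapsulation) packet is modelled; the interface names, subnets and addresses are constructed sample values, and `GOOD_CHAIN` / `BAD_CHAIN` are names chosen here, not anything from FreeS/WAN.

```python
# Added example (not from the list thread): first-match model of the iptables
# nat POSTROUTING chain plus a tiny routing table, to show that a packet bound
# for the remote office is left alone only if an "-o ipsec0 -j ACCEPT" rule is
# hit before any MASQUERADE rule.  All names/addresses below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                      # "ACCEPT" or "MASQUERADE"
    out_iface: Optional[str] = None  # -o <iface>; None matches any interface
    src: Optional[str] = None        # -s <cidr>;  None matches any source


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Constructed routing table: FreeS/WAN installs a route for the remote subnet
# via ipsec0; everything else follows the default route out the cable modem.
ROUTES = [
    (ipaddress.ip_network("192.168.2.0/24"), "ipsec0"),  # tunnel to remote office
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),         # default gateway
]


def route(dst: str) -> str:
    """Longest-prefix match over ROUTES; returns the outgoing interface."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n, _ in ROUTES if addr in n), key=lambda n: n.prefixlen)
    return next(iface for n, iface in ROUTES if n == best)


def postrouting(chain: List[Rule], pkt: Packet, out_iface: str) -> str:
    """Walk the chain top to bottom; the first matching rule's target wins.
    ACCEPT ends the walk without rewriting the packet (chain policy: ACCEPT)."""
    for rule in chain:
        if rule.out_iface is not None and rule.out_iface != out_iface:
            continue
        if rule.src is not None and \
                ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
            continue
        return rule.target
    return "ACCEPT"


def is_masqueraded(chain: List[Rule], pkt: Packet) -> bool:
    """True if the packet's source would be rewritten before IPsec sees it."""
    return postrouting(chain, pkt, route(pkt.dst)) == "MASQUERADE"


def as_iptables(chain: List[Rule]) -> List[str]:
    """Render the model as the iptables commands it corresponds to."""
    lines = []
    for r in chain:
        parts = ["iptables -t nat -A POSTROUTING"]
        if r.out_iface:
            parts.append(f"-o {r.out_iface}")
        if r.src:
            parts.append(f"-s {r.src}")
        parts.append(f"-j {r.target}")
        lines.append(" ".join(parts))
    return lines


# What the thread recommends: exempt tunnel traffic first, NAT the rest.
GOOD_CHAIN = [Rule("ACCEPT", out_iface="ipsec0"), Rule("MASQUERADE", out_iface="eth0")]

# The pitfall: a blanket MASQUERADE on the LAN source also rewrites packets
# headed into the tunnel, so they no longer match the tunnel's subnet policy.
BAD_CHAIN = [Rule("MASQUERADE", src="192.168.1.0/24")]


if __name__ == "__main__":
    lan_to_remote = Packet("192.168.1.5", "192.168.2.10")
    lan_to_internet = Packet("192.168.1.5", "203.0.113.7")
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, "to remote office masqueraded:", is_masqueraded(chain, lan_to_remote))
        print(name, "to Internet masqueraded:     ", is_masqueraded(chain, lan_to_internet))
    print("\n".join(as_iptables(GOOD_CHAIN)))
```

A quick sanity check on a real gateway is `iptables -t nat -L POSTROUTING -n -v --line-numbers`: the ACCEPT rule for ipsec0 should appear above the MASQUERADE rule, and its packet counter should climb when hosts on one office LAN ping hosts on the other.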



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST