Re: [Users] Bypassing NAT for specific clients

From: Andreas Kemper (kem_at_comnets.rwth-aachen.de)
Date: Thu Aug 08 2002 - 09:08:16 CEST


Hi,

obviously

iptables -t nat -A POSTROUTING -s xxx.yyy.5.200/32 -o eth0 -j RETURN
iptables -t nat -A POSTROUTING -s xxx.yyy.5.0/24 -o eth0 -j MASQUERADE

seems to be the right approach for my problem. Unfortunately now I have
another issue. While being logged in on the gateway, I can ping 5.xxx
addresses in the fixed network after adding a route like this:

route add -net xxx.yyy.5.0 netmask 255.255.255.0 dev eth0

Unfortunately this is not possible from the xxx.yyy.5.200 client
attached to eth1. Tcpdumping eth1, I can only find ARP requests for
the address in the 5.zzz network, while nothing appears on eth0.

Any further hints?

Thx again,
Andreas

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
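
Added example, not part of the original post: a small Python model of how the nat POSTROUTING chain evaluates the two rules quoted above (first match wins, RETURN falls through to the chain policy), plus a check that flags a rule made unreachable by an earlier, broader one. The 10.0.5.0/24 addresses are constructed stand-ins for the masked xxx.yyy.5.0/24 network, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the post's masked xxx.yyy.5.0/24 and .200 host.
NET = "10.0.5.0/24"
EXEMPT = "10.0.5.200/32"

# (source match, out-interface, target) in the order the post appends them.
POST_ORDER = [
    (EXEMPT, "eth0", "RETURN"),
    (NET, "eth0", "MASQUERADE"),
]


def nat_verdict(rules, src, out_if, policy="ACCEPT"):
    """Walk a built-in chain top to bottom; the first matching rule decides.

    RETURN in a built-in chain stops traversal and applies the chain policy,
    so with policy ACCEPT the packet leaves with its source address unchanged.
    """
    addr = ipaddress.ip_address(src)
    for net, iface, target in rules:
        if iface == out_if and addr in ipaddress.ip_network(net):
            return policy if target == "RETURN" else target
    return policy


def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule on the
    same interface already covers their entire source range."""
    dead = []
    for i, (net, iface, _) in enumerate(rules):
        n = ipaddress.ip_network(net)
        for prev_net, prev_if, _ in rules[:i]:
            if prev_if == iface and n.subnet_of(ipaddress.ip_network(prev_net)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    for src in ("10.0.5.200", "10.0.5.17"):
        print(src, "->", nat_verdict(POST_ORDER, src, "eth0"))
    swapped = list(reversed(POST_ORDER))
    print("swapped order, .200 ->", nat_verdict(swapped, "10.0.5.200", "eth0"))
    print("shadowed rule indexes when swapped:", shadowed_rules(swapped))
```

Because both rules are added with -A, the order in which the commands are run is the order of evaluation; if the MASQUERADE rule is already in the chain, the exemption has to be inserted ahead of it rather than appended.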



This archive was generated by hypermail 2.1.4 : Thu Aug 08 2002 - 12:19:39 CEST