From: Andre Henry (andre_at_go-net.com)
Date: Mon Nov 11 2002 - 18:37:58 CET
I am trying to apply NAT to the outbound packets before freeswan gets
them. In other words all VPN traffic has the public IP before they get
encrypted.
Can you point me to any info. ipchains(8) on my system does not have a
postrouting chain, do I need to upgrade ?
Andre
On Mon, 2002-11-11 at 12:24, Ken Bantoft wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> On 11 Nov 2002, Andre Henry wrote:
>
> > Sorry for the cross post.
> >
> > I have been searching the web with no luck. Is it possible to apply NAT
> > before Freeswan ?
> >
> > What I find seems to say no because NAT is on the forward chain and if
> > Freeswan runs on the NAT server then packets destined for Freeswan don't
> > hit the forward chian.
> >
> > Is this correct ? Is there a workaround ?
> >
> > Thanks,
> > Andre
> >
>
> I'm not sure what you're trying to accomplish here, but it is possible to
> mix NAT + FreeS/WAN on the same box. You can use rules in the POSTROUTING
> chain to manipulate the packets before they hit ipsec0.
>
>
> - --
> Ken Bantoft The Unoffical FreeS/WAN Site:
> ken_at_freeswan.ca http://www.freeswan.ca
> PGP Key: finger ken_at_bantoft.org
> "Random numbers should not be generated with a method
> chosen at random." -- Donald Knuth,
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
>
> iQCVAwUBPc/nvViWUusaxGxpAQE7CQP/XHcb0qEjlm5qmxdrXSgloOjx7WJBipxk
> VddLL5ZZLq0I+YYn6NIrq7xIj78w1YH8KDoAL08I73k12AtufZKGPy8tyyOFrDGM
> vTUn3iIEvMrpyTXEmj0bz5L0WGtv+adA52pBtAHKL4g5JY+gbePfcVsSdfyJOKdc
> uc2YEeBZk1o=
> =zT8T
> -----END PGP SIGNATURE-----
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Sat Nov 16 2002 - 05:20:41 CET