>i have a machine with private 192.168 and a public IP (ppp).
>i use free s/wan ipsec for a vpn to a similar gateway.
>the ipsec interface has the same address as my ppp interface
>(the public one) but the route thru the interface points to
>another private 192.168. subnet.
>
>my problem is this:
>
>programs on one gateway trying to reach a private IP behind the
>other gateway bind to the (public) addr of the ipsec-interface
>because of the route there. and that public ip isn't part of the
>vpn so they can't reach the other side.
>
>how can i - based on the destination - force all programs to use
>the private ip as source?
>i heard "ip route change" can do this - but the help output doesn't
>tell me how. thanks!

well i didn't really understand your situation, but i can answer your
last question:

you can use nat to make whatever packets you want to have whatever
source and/or destination IP you want. off the top of my head (ie syntax
might be wrong):

    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to-source 1.2.3.4

ie all packets coming from 192.168.0.0/24 and heading out on interface
eth2 will have their source IP changed to 1.2.3.4.

you can use also (or instead of -o) -d 10.0.0.0/8 in which case it would
be 'all packets coming from 192.168.0.0/24 and headed towards 10.0.0.0/8
shall be SNATted to 1.2.3.4'