Re: ipsec & nat

Hi Doug,
I think your supposition is right, that's too general. Every packet
going out on eth0 will be NATed, and this is not what you want in the case
of IPsec. Packets going out on the newly established VPN tunnel should
NOT be NATed in any way. I suggest you NAT what you really need
to NAT; that way you get benefits on the security side too.
If you know which IP addresses will be assigned or are assigned on the
other side of the tunnel, you can explicitly disable NAT for that
destination.

			Marcello


On Wed, 2002-12-11 at 06:03, Simpson, Doug wrote:
> I have a Red Hat 7.3 box that is dual-homed.  It is my firewall and VPN
> server.  I can successfully VPN (with IPsec) into it.  If I use the
> following command "iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE" I
> cannot use VPN, but my internal network can only receive email (POP3) and
> telnet after I use this command.
> I have set up squid so I proxy my www traffic.
> Can I NAT my POP3 and my telnet, and still VPN (IPsec)?
> I am guessing my command is too general and I need to be more specific -
> ports, source, etc. defined.
> Thanks,
> Doug
-- 
Marcello Scacchetti <marcello.scacchetti@nextrem.it>
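An added example (not part of Marcello's or Doug's messages) of the rule set Marcello describes: drop the blanket MASQUERADE, put an explicit no-NAT exemption for the far side of the tunnel first in POSTROUTING, then masquerade only the POP3 and telnet traffic Doug actually needs. The LAN subnet 192.168.1.0/24, the remote tunnel subnet 10.9.0.0/24 and the interface name are assumed placeholders; set IPTABLES=echo to print the rules instead of applying them. If the IPsec stack exposes its own virtual interface (FreeS/WAN's ipsec0, for example), the exemption should name that interface rather than eth0.

```shell
#!/bin/sh
# Added example, not the original poster's configuration.
# Assumed topology (placeholders, adjust to the real network):
#   EXT_IF     external interface of the dual-homed firewall
#   LAN_NET    internal network behind the firewall
#   REMOTE_NET subnet on the far side of the IPsec tunnel
# IPTABLES defaults to the real binary; IPTABLES=echo gives a dry run.
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
REMOTE_NET="${REMOTE_NET:-10.9.0.0/24}"

setup_nat() {
    # Start from an empty POSTROUTING chain so the blanket
    # "-o eth0 -j MASQUERADE" rule is gone.
    $IPTABLES -t nat -F POSTROUTING

    # Exemption first: packets from the LAN to the remote tunnel subnet
    # leave with their real source address. ACCEPT in the nat table means
    # "no NAT for this packet", so the IPsec policy still matches them.
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -d "$REMOTE_NET" -j ACCEPT

    # Then masquerade only what must reach the Internet directly:
    # POP3 (110) and telnet (23) from the LAN. Web traffic is deliberately
    # not listed because it goes through the squid proxy.
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -p tcp --dport 110 -j MASQUERADE
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -p tcp --dport 23 -j MASQUERADE
}

# Show the chain with rule numbers so you can confirm the ACCEPT
# exemption sits above the MASQUERADE rules (rule order is what matters).
show_nat() {
    $IPTABLES -t nat -L POSTROUTING -n -v --line-numbers
}

if [ "${1:-}" = "apply" ]; then
    setup_nat
    show_nat
fi
```

Run it as root with "apply" (or with IPTABLES=echo first to review the rules). Anything not covered by an explicit MASQUERADE rule stays un-NATed, which is the narrower exposure Marcello is pointing at.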