That's what I already said in my last post on this thread.. it's a virtual network which is basically known only to the 2 firewalls and not assigned to any specific host, hence virtual ;) but best use the NETMAP module otherwise you'll have a whole lot of rules to make....

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

-----Original Message-----
From: Ray Leach [mailto:raymondl@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, May 28, 2003 4:38 PM
To: Drew Einhorn
Cc: Netfilter Mailing List
Subject: Re: vpn between networks with private ip network segment conflicts

Yes.

I had another thought (those are rare for me)

What if you created a network between the two networks.

Like this:

Net1 <-> VPN (CIPE) <-> New NET <-> VPN (CIPE) <-> Net2

Then your routing would be to the new network. Maybe use some kind of NAT rules to map the new net back to the dest net.

For example:

Net1.host1 (192.168.0.1) wants to connect to net2.host1 (192.168.0.1)
He actually connects to 10.0.0.1 and the VPN/Router1 does a SNAT to its IP.
VPN/Router2 does a DNAT for the traffic from 10.0.0.1 back to 192.168.0.1
VPN/Router1 has to have a route for 10.0.0.1 pointing to VPN/Router2

Do the same on the other side.

I was thinking of something along the lines of the P-O-M 1:1 NAT patch.

Does this make sense, and might it work?

Ray
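The virtual-network idea discussed in this thread, worked through with NETMAP on both gateways; this is an added example, not code from either poster. It assumes both LANs are 192.168.0.0/24 and that 10.0.0.0/24 is the alias for Net2 (as in Ray's example); the 10.0.1.0/24 alias for Net1 and the `cipcb0` interface name are hypothetical, and NETMAP replaces the per-host SNAT/DNAT rules Ray sketched.

```python
import ipaddress

# Assumed addressing: both LANs are 192.168.0.0/24 (from the thread);
# 10.0.0.0/24 is the alias for Net2 (Ray's example), 10.0.1.0/24 is a
# hypothetical alias for Net1. "cipcb0" is an assumed CIPE interface name.
LAN = ipaddress.ip_network("192.168.0.0/24")
ALIAS = {"net1": ipaddress.ip_network("10.0.1.0/24"),
         "net2": ipaddress.ip_network("10.0.0.0/24")}

def netmap(addr, to_net):
    """NETMAP semantics: replace the network bits, keep the host bits."""
    host_bits = int(ipaddress.ip_address(addr)) & int(to_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

def gateway_rules(local, remote, vpn_if="cipcb0"):
    """iptables/ip commands for the gateway in front of `local`."""
    mine, theirs = ALIAS[local], ALIAS[remote]
    return [
        f"ip route add {theirs} dev {vpn_if}",
        # Outbound: hide the real source behind this site's alias.
        f"iptables -t nat -A POSTROUTING -o {vpn_if} -s {LAN} -d {theirs} "
        f"-j NETMAP --to {mine}",
        # Inbound: map this site's alias back to the real LAN address.
        f"iptables -t nat -A PREROUTING -i {vpn_if} -d {mine} "
        f"-j NETMAP --to {LAN}",
    ]

def traverse(src, dst, local, remote):
    """Follow one packet from a host on `local` to an alias of `remote`."""
    if ipaddress.ip_address(dst) not in ALIAS[remote]:
        raise ValueError(f"{dst} is not in the alias range for {remote}")
    on_wire = (netmap(src, ALIAS[local]), dst)    # POSTROUTING, near gateway
    delivered = (on_wire[0], netmap(dst, LAN))    # PREROUTING, far gateway
    return on_wire, delivered

if __name__ == "__main__":
    for site, peer in (("net1", "net2"), ("net2", "net1")):
        print(f"# gateway for {site}")
        print("\n".join(gateway_rules(site, peer)))
    print(traverse("192.168.0.1", "10.0.0.1", "net1", "net2"))
```

Inside the tunnel only the 10.0.x.x aliases appear, so neither gateway ever has to route the overlapping 192.168.0.0/24 range toward its peer, and one rule pair per gateway covers every host.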