RE: NetFilter rules break when freeswan is enabled

I am using SNAT; however, it's not the communication with the remote side of
the VPN that concerns me right now. Once the ipsec interface is brought
up, ALL masquerade functions stop, meaning that even when one of my
internal machines tries to attach itself to an IP address that is not at
the remote end of the VPN, the attempt fails.
I have the necessary ports open for ESP/AH, as the FreeS/WAN docs are
fairly clear on it. Right now, my goal is just to get ipsec0 up but still
allow my internal clients to use masq and reach non-VPN remote sites.
Currently, once ipsec0 is admin up, my clients can't exit the network.

Thank you for your time in responding to this!


On Sun, 24 Aug 2003, Mark E. Donaldson wrote:

> Are you using SNAT?  If so, this may be your problem.  Depending on
> whether or not you are using ESP vs. AH, you may be encrypting the IP header
> and this will break your system.
>
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Marcelo Medici
> Sent: Saturday, August 23, 2003 8:08 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: NetFilter rules break when freeswan is enabled
>
>
> Hello,
> I am currently seeing a problem on a machine running iptables 1.2.6.
> The machine acts as a masquerade gateway for a group of rfc1918 addresses.
> When I enable ipsec0 via the freeswan project, all forwarding using nat
> ceases. The gateway server itself still has reachability outward, as well
> as inward to the private network. It is only the masquerading that stops.
>
> Has anyone seen this type of behavior before? My iptables config is quite
> large, but I can post it if a response requires it.
>
> Thank you.
>
>
>
>
>
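The thread does not show the poster's rules, so the following is an added check, not anything from the posts or from FreeS/WAN itself. On a FreeS/WAN (KLIPS) gateway, packets bound for the tunnel are routed out through the virtual ipsec0 interface before they are encrypted, so the nat POSTROUTING chain sees them with `-o ipsec0`. A masquerade rule that is bound to the real outside interface therefore leaves VPN traffic alone but must still cover the interface that carries the default route, while a rule with no `-o` at all rewrites the cleartext packets as they enter ipsec0. The script below takes constructed `iptables-save -t nat` and `ip route` output (interface names eth0/eth1/ipsec0, the 192.168.1.0/24 LAN and the 10.9.0.0/24 remote subnet are all assumptions) and checks both conditions; feed it the real command output to test a live gateway.

```shell
#!/bin/sh
# Added example (not from the thread): check the nat POSTROUTING chain against
# the routing table on a FreeS/WAN (KLIPS) gateway once ipsec0 is up.
# Every input below is constructed; interface names and subnets are assumptions.

# Constructed nat table: one MASQUERADE rule for the RFC 1918 LAN, bound to eth0.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed variant: the same rule with no interface binding.
SAMPLE_NAT_UNBOUND='-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE'

# Constructed routing table after FreeS/WAN has added the remote subnet via ipsec0.
SAMPLE_ROUTES='10.9.0.0/24 via 203.0.113.1 dev ipsec0
192.168.1.0/24 dev eth1  scope link
203.0.113.0/24 dev eth0  scope link
203.0.113.0/24 dev ipsec0  scope link
default via 203.0.113.1 dev eth0'

# Print the interface the default route leaves through.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") print $(i+1) }'
}

# Print the -o interface of every POSTROUTING SNAT/MASQUERADE rule,
# or "any" for a rule that is not bound to an interface.
nat_out_devs() {
    printf '%s\n' "$1" | awk '
        /^-A POSTROUTING/ && (/-j MASQUERADE/ || /-j SNAT/) {
            dev = "any"
            for (i = 1; i <= NF; i++) if ($i == "-o") dev = $(i+1)
            print dev }'
}

# Return 0 when some SNAT/MASQUERADE rule applies on the interface carrying the
# default route (non-VPN traffic still gets translated), 1 otherwise.
# Arguments: routing table text, nat table text.
nat_check() {
    wan=$(default_dev "$1")
    [ -n "$wan" ] || { echo "problem: no default route found"; return 1; }
    for dev in $(nat_out_devs "$2"); do
        if [ "$dev" = "$wan" ] || [ "$dev" = any ]; then
            echo "ok: NAT rule applies on default-route interface $wan (-o $dev)"
            return 0
        fi
    done
    echo "problem: no SNAT/MASQUERADE rule applies on $wan; non-VPN traffic leaves untranslated"
    return 1
}

# Return 0 when every SNAT/MASQUERADE rule is bound to an interface, 1 when an
# unbound rule would also rewrite cleartext packets as they leave via ipsec0
# (KLIPS sends tunnel traffic through ipsec0 before encrypting it).
vpn_leak_check() {
    for dev in $(nat_out_devs "$1"); do
        if [ "$dev" = any ]; then
            echo "problem: unbound NAT rule also translates traffic entering ipsec0"
            return 1
        fi
    done
    echo "ok: every NAT rule is interface-bound"
    return 0
}

# Run both checks on the constructed samples.
nat_check "$SAMPLE_ROUTES" "$SAMPLE_NAT"
vpn_leak_check "$SAMPLE_NAT"
vpn_leak_check "$SAMPLE_NAT_UNBOUND" || true
```

On a real box replace the two sample strings with `$(iptables-save -t nat)` and `$(ip route show)`, and run the checks before and after `ipsec auto --up`; if `nat_check` passes in both states and the LAN still cannot reach non-VPN hosts, the fault is elsewhere (filter FORWARD chain or the routes FreeS/WAN's updown script added), which this check does not cover.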


