So, I am trying to use NAT to solve the problem below because of an IP addressing conflict issue, but I am not having much luck. Basically, all of Site A needs to get to only a few devices at each of sites B & C, so I am trying to do PREROUTING NAT on the far-end systems. I have the tunnels up and I can see the traffic getting to the remote side on ipsec0, but I just can't get it to NAT from the 1.1.1.1 to the real 10.10.1.1.

Commands that I think should work:

    iptables -t nat -A PREROUTING -i ipsec0 -d 1.1.1.1 -j DNAT --to 10.10.10.10
    iptables -t nat -A POSTROUTING -o ipsec0 -s 10.10.10.10 -j SNAT --to 1.1.1.1

Any ideas? Layout and configs are below.

    Site A eth0 - 192.168.254.0/24--Internet--Site B eth0 - 10.10.0.0/16
                                  \           NAT FROM 1.1.1.1 10.10.1.1 example
                                   \--Internet--Site C eth0 - 10.10.0.0/16
                                               NAT FROM 1.1.2.1 10.10.1.1 example

So here are the openswan configurations for your reference:

Site A

    conn site_a-to-site_b
        #---------(local side is left side)
        left=<public site a>
        leftsubnet=192.168.254.0/24
        leftnexthop=%defaultroute
        #---------(remote side is right side)
        right=<public site b>
        rightsubnet=1.1.0.0/16
        #---------Auto Key Stuff
        pfs=yes
        auth=esp
        authby=secret
        esp=3des-md5-96
        keylife=8h
        keyingtries=0

Site B

    conn site_b-to-site_a
        #---------(local side is left side)
        left=<public site b>
        leftsubnet=1.1.0.0/16
        leftnexthop=%defaultroute
        #---------(remote side is right side)
        right=<public site a>
        rightsubnet=192.168.254.0/24
        #---------Auto Key Stuff
        pfs=yes
        auth=esp
        authby=secret
        esp=3des-md5-96
        keylife=8h
        keyingtries=0
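
An added example, not part of the original post: a small Python check that a DNAT/SNAT rule pair like the one above is internally consistent, meaning the SNAT mirrors the DNAT, the translated address falls inside the subnet the tunnel advertises (leftsubnet on Site B), and the real address falls inside the LAN. The function names are hypothetical, only single-host rules are handled, and it verifies the rule text only, not whether the kernel applies NAT to packets arriving on ipsec0.

```python
import ipaddress
import shlex

def parse_nat_rule(line):
    """Parse one single-host 'iptables -t nat -A CHAIN ...' line into a dict."""
    tok = shlex.split(line)
    opts, i = {}, 1
    while i < len(tok) - 1:
        if tok[i].startswith("-"):
            opts[tok[i]] = tok[i + 1]   # option followed by its value
            i += 2
        else:
            i += 1
    return {
        "chain": opts.get("-A"),
        "iface": opts.get("-i") or opts.get("-o"),
        "match": ipaddress.ip_address(opts.get("-d") or opts.get("-s")),
        "target": opts.get("-j"),
        "to": ipaddress.ip_address(opts["--to"]),
    }

def check_pair(dnat_line, snat_line, tunnel_subnet, lan_subnet):
    """Return a list of problems in a DNAT/SNAT pair (empty list = consistent)."""
    dnat, snat = parse_nat_rule(dnat_line), parse_nat_rule(snat_line)
    tunnel = ipaddress.ip_network(tunnel_subnet)
    lan = ipaddress.ip_network(lan_subnet)
    problems = []
    if (dnat["chain"], dnat["target"]) != ("PREROUTING", "DNAT"):
        problems.append("first rule is not a PREROUTING DNAT")
    if (snat["chain"], snat["target"]) != ("POSTROUTING", "SNAT"):
        problems.append("second rule is not a POSTROUTING SNAT")
    if dnat["iface"] != snat["iface"]:
        problems.append("rules are bound to different interfaces")
    if dnat["match"] != snat["to"] or dnat["to"] != snat["match"]:
        problems.append("SNAT does not mirror the DNAT mapping")
    if dnat["match"] not in tunnel:
        problems.append(f"{dnat['match']} is outside tunnel subnet {tunnel}")
    if dnat["to"] not in lan:
        problems.append(f"{dnat['to']} is outside LAN {lan}")
    return problems

# The two rules from the post, checked against Site B's leftsubnet and LAN.
POST_DNAT = "iptables -t nat -A PREROUTING -i ipsec0 -d 1.1.1.1 -j DNAT --to 10.10.10.10"
POST_SNAT = "iptables -t nat -A POSTROUTING -o ipsec0 -s 10.10.10.10 -j SNAT --to 1.1.1.1"
# Constructed counter-example: translated address not covered by the tunnel.
BAD_DNAT = "iptables -t nat -A PREROUTING -i ipsec0 -d 1.2.1.1 -j DNAT --to 10.10.10.10"

if __name__ == "__main__":
    print(check_pair(POST_DNAT, POST_SNAT, "1.1.0.0/16", "10.10.0.0/16"))
    print(check_pair(BAD_DNAT, POST_SNAT, "1.1.0.0/16", "10.10.0.0/16"))
```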