On Thu, 2004-11-04 at 12:07, Payal Rathod wrote:
> Hi,
> I use simple masquerading to allow my Windows clients to browse the
> net. But for one particular machine I need to connect it to VPN of
> my client abroad. Now, the tech people at their end told me not
> to NAT that machine as NATing would destroy the VPN part. How do I do that?
> The machine IP address is 192.168.10.15.
>
> With warm regards,
> -Payal

Insert a rule BEFORE your outbound MASQ rule

    iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE

that says:

    iptables -t nat -A POSTROUTING -o $EXT_IF \
        -s 192.168.10.15 -d $REMOTE_VPN_NET -j ACCEPT

Is this a site-to-site VPN between your firewall and their firewall?
If not--ignore the above statements.

-j

--
"'Nuke the whales?' You don't really believe that, do you? I dunno. Gotta nuke something."
--The Simpsons
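
The rule-ordering point in the reply above, as an added example that is not part of the original message: a check, run over text in the format of `iptables -t nat -S POSTROUTING`, that the ACCEPT exemption for the host is listed before the first MASQUERADE rule. The function name `check_nat_exempt`, the interface `eth0` (standing in for `$EXT_IF`) and the network `10.20.0.0/16` (standing in for `$REMOTE_VPN_NET`) are assumptions, and the sample rule listings are constructed.

```shell
#!/bin/sh
# Added example: confirm the NAT exemption precedes MASQUERADE.
# Reads rules in the format printed by `iptables -t nat -S POSTROUTING`.
# Live use (as root):
#   iptables -t nat -S POSTROUTING | check_nat_exempt 192.168.10.15 eth0
# Simplifications: negated matches ("! -s") and subnet containment are not
# evaluated; any MASQUERADE rule on the interface is assumed to cover the host.
check_nat_exempt() {
    awk -v src="$1/32" -v ifc="$2" '
        function opt(name,    i) {
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 != "-A" { next }                  # skip the -P policy line
        {
            n++
            o = opt("-o")
            if (o != "" && o != ifc) next    # rule bound to another interface
            j = opt("-j")
            if (j == "ACCEPT" && opt("-s") == src && !exempt) exempt = n
            if (j == "MASQUERADE" && !masq) masq = n
        }
        END {
            if (!masq)         { print "no-masquerade"; exit 0 }
            if (!exempt)       { print "missing";       exit 1 }
            if (exempt < masq) { print "ok";            exit 0 }
            print "misordered"; exit 1
        }'
}

# Constructed sample: exemption first, as the reply recommends.
sample_good() {
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.10.15/32 -d 10.20.0.0/16 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Constructed sample: exemption appended after MASQUERADE, so it never matches.
sample_bad() {
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.15/32 -d 10.20.0.0/16 -o eth0 -j ACCEPT
EOF
}

sample_good | check_nat_exempt 192.168.10.15 eth0
sample_bad  | check_nat_exempt 192.168.10.15 eth0 || true
```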