On Wednesday 2008-07-16 18:12, Michael Crider wrote:

> I am attempting to set up a LAN-to-LAN VPN using ipsec-tools for one
> of our vendors to access a server behind our firewall. However, the
> local IP address of the server (192.168.10.xx) conflicts with a local
> address at the vendor's network. They suggested using NAT to transform
> the server address to 192.168.101.xx and hooking the VPN to the
> 192.168.101.0/24 network. I would like to run the VPN on the same
> machine with the firewall (which uses netfilter 1.3.5-4 on CentOS
> 5.2). We need to be able to initiate a connection from either end of
> the VPN. Could anybody recommend iptables rules that would set up the
> address translation?

iptables -t nat -A POSTROUTING -m policy --dir out --mode tunnel --tunnel-dst <realip of vendor> -j NETMAP --to 192.168.101.0/24
iptables -t nat -A PREROUTING -m policy --dir in --mode tunnel --tunnel-src <realip of vendor> -j NETMAP --to 192.168.10.0/24

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
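The two rules above rely on NETMAP keeping the host part of an address and swapping only the network part, with the policy match limiting the rewrite to traffic that actually goes through the IPsec tunnel to the vendor. The following is an added illustration (not code from the list post, and not netfilter itself): it models what the POSTROUTING and PREROUTING rules do to a packet's addresses so the mapping and its inverse can be checked. The vendor gateway address 203.0.113.10 is a constructed placeholder for <realip of vendor>, and the packet dictionaries are constructed inputs.

```python
"""Model of the NETMAP translation proposed on the list.

Added illustration; it models the effect of the two iptables rules with
Python's ipaddress module and does not program netfilter.
"""
import ipaddress

# Networks from the thread; the vendor endpoint is a constructed placeholder
# (TEST-NET-3) standing in for <realip of vendor>.
SERVER_NET = ipaddress.ip_network("192.168.10.0/24")   # real server LAN
VPN_NET = ipaddress.ip_network("192.168.101.0/24")     # identity shown to the vendor
VENDOR_GW = "203.0.113.10"


def netmap(addr, dst_net):
    """What -j NETMAP --to <dst_net> does: keep the host bits of addr,
    replace the network bits with those of dst_net."""
    a = ipaddress.ip_address(addr)
    host_bits = int(a) & int(dst_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def apply_rules(pkt):
    """Apply the two NAT rules to a packet.

    pkt keys: src, dst (dotted strings), dir ('in' or 'out'),
    ipsec_peer (tunnel endpoint the packet was/will be encapsulated with,
    or None for plain traffic).  Mirrors '-m policy --mode tunnel':
    only packets tied to the vendor's tunnel are rewritten.
    """
    p = dict(pkt)
    if p["ipsec_peer"] != VENDOR_GW:
        return p  # not the vendor tunnel: policy match fails, no NAT
    if p["dir"] == "out":
        # POSTROUTING + --dir out: NETMAP rewrites the source address,
        # so 192.168.10.x leaves the tunnel as 192.168.101.x.
        p["src"] = str(netmap(p["src"], VPN_NET))
    elif p["dir"] == "in":
        # PREROUTING + --dir in: NETMAP rewrites the destination address,
        # so the vendor's 192.168.101.x target becomes the real 192.168.10.x.
        p["dst"] = str(netmap(p["dst"], SERVER_NET))
    return p


def round_trip_ok(host_octet):
    """Check that the inbound rule is the exact inverse of the outbound one
    for a given host number, which is what lets either side initiate."""
    real = f"192.168.10.{host_octet}"
    seen_by_vendor = str(netmap(real, VPN_NET))
    return str(netmap(seen_by_vendor, SERVER_NET)) == real


if __name__ == "__main__":
    out = apply_rules({"src": "192.168.10.37", "dst": "10.9.8.7",
                       "dir": "out", "ipsec_peer": VENDOR_GW})
    inp = apply_rules({"src": "10.9.8.7", "dst": "192.168.101.37",
                       "dir": "in", "ipsec_peer": VENDOR_GW})
    print("outbound src:", out["src"])   # 192.168.101.37
    print("inbound  dst:", inp["dst"])   # 192.168.10.37
    print("all hosts invert:", all(round_trip_ok(h) for h in range(1, 255)))
```

Note that the posted rules carry no source or destination restriction of their own: the policy match is what scopes them, so any packet selected by the vendor tunnel gets its host bits carried over into the other /24. That is fine when the tunnel selectors on both ends cover exactly 192.168.101.0/24 and the vendor's side, which is why the model checks the tunnel peer before rewriting.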