Re: IPSec, IPTables, multiple subnets
- From: "SilkBC" <swasak@xxxxxxxxxxx>
- Date: 29 Mar 2007 07:08:57 -0700
On Mar 27, 1:46 pm, Clifford Kite <k...@xxxxxxxxxxxxxxxxx> wrote:
Given that I'm no IPSec or iptables expert, you might try this:
iptables -t nat -A POSTROUTING -o eth0 -d ! 10.175.0.0/16 -j MASQUERADE
I had considered the above, but thought it would have prevented the
LAN traffic at the main site (10.175.0.0/24) from being masquerated/
nat'd out to the Internet. I gave it a try anyway, and it doesn't
seem to affect that traffic.
Having done that, I have made some progress: from the 10.175.0.0/24
(main site) network, I am able to ping the private gateway IPs of the
routers at the different sites (10.175.x.254) whereas I was not able
to do so previously. I am unable to ping any of the PCs behind the
gateways, however (though I can do so if I SSH to the gateway itself
and start pinging the IPs of the PCs).
I was thinking this may be a routing issue until I was actually able
to ping just one of the PCs in the 10.175.3.0/24 subnet, though I
cannot ping any of the others behind it.
The firewall is not an issue, as it is running the exact same one as
the site with the 10.175.1.0/24 subnet (which is working 100% as it
should). The routing tables are also exactly the same, except for the
local subnet and of course the ISP gateway they have to go through.
Open to any other suggestions... :-)
-Alan M.
.
- Follow-Ups:
- Re: IPSec, IPTables, multiple subnets
- From: Clifford Kite
- Re: IPSec, IPTables, multiple subnets
- References:
- IPSec, IPTables, multiple subnets
- From: SilkBC
- Re: IPSec, IPTables, multiple subnets
- From: Clifford Kite
- IPSec, IPTables, multiple subnets
- Prev by Date: Re: Kernel module
- Next by Date: Re: Test for configured ethX
- Previous by thread: Re: IPSec, IPTables, multiple subnets
- Next by thread: Re: IPSec, IPTables, multiple subnets
- Index(es):
Relevant Pages
|
