iptables, FC6 and openswan

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Fedora 6 running openswan.

I have ran into an interesting iptables problem. I'd like to source NAT
my external address to my internal address when it goes out to a
specific subnet. I guess this would be an easy source nat rule but here
is the catch, one address (My ipsec endpoint which is in the same
subnet on the other side has to be excluded), also I want the external
address to go out as itself when it goes to google etc (anything but
the external subnet)

iptables -t nat -A POSTROUTING -o ipsec0 -s 68.x.x.x -d 141.x.x.x/16  -
d !  -j SNAT --to

I know this statement makes no sense since multiple -d are not allowed
but that is what I am looking for?

The reason behind this:
I have two ipsec endpoints (one at home and one at work) and while I
can get to each others encryption domains from behind respective
systems, i'd like to be able to do the same from the machine itself
too. And I want that connection to be encrypted.


Site Timeline