Re: iptables masquerading
On Feb 4, 2008 4:09 AM, Stephen Gran <sgran@debian.org> wrote:
> And traffic out eth0 is NAT'ted (wrongly - note the missing netmask)
Ahhh...that was an email typo, I was using a /24.
> So, I'm assuming that your network is something like:
>
> ----------      -----------      ------------
> |  LAN   |      | Router  |      | VPN LAN  |
> ----------      -----------      ------------
>          \eth0/           \tap0/
>
> and you want to route traffic from LAN to VPN LAN.
>
> You need to accept traffic coming in eth0 and exiting tap0. You
> currently only accept reply traffic.
Which is fine; this is for outbound traffic from firewall'ed and vpn'ed clients.
> You'll find it easier to NAT traffic going out tap0 (SNAT instead of
> DNAT).
I switched to SNAT (instead of MASQUERADE) and was able to get this to work.
Thanks all,
-Jim P.