Possible Changes to IP Tables NAT/Masquerade Rules






If you are running iptables with masquerading/NAT on the VPN devices, you must exclude packets traversing the tunnel from the NAT operation. This example assumes that interface eth0 is the Internet-facing interface on your Linux VPN/firewall.

Change the left-hand side VPN device's iptables statement from:

    iptables -t nat -A POSTROUTING -o eth0 -s 172.168.1.0/24 -j MASQUERADE

to:

    iptables -t nat -A POSTROUTING -o eth0 -s 172.168.1.0/24 -d \! 10.0.0.0/24 -j MASQUERADE

For the right-hand side VPN device, change the statement:

    iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE

to:

    iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -d \! 172.168.1.0/24 -j MASQUERADE
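
To confirm the change took effect, the saved rules can be audited. The script below is an added example, not part of the original page: the function names and sample rule sets are hypothetical, and it goes slightly beyond the text by also recognising SNAT rules and an earlier ACCEPT/RETURN exemption.

```shell
#!/bin/sh
# Added example (not from the original page). Names are hypothetical.
# Networks and interfaces are compared as literal strings, not by containment.

# field_hits RULE_VALUE PACKET_VALUE NEGATED
# True when one match clause of a rule accepts the packet.
field_hits() {
    [ -z "$1" ] && return 0          # clause absent: matches anything
    if [ "$1" = "$2" ]; then [ "$3" -eq 0 ]; else [ "$3" -eq 1 ]; fi
}

# nat_leaks LOCAL_NET REMOTE_NET WAN_IF
# stdin: output of `iptables -t nat -S POSTROUTING`.
# Walks the rules in order (first match wins). Prints the rule that would
# translate LOCAL_NET -> REMOTE_NET traffic and returns 1, else returns 0.
nat_leaks() {
    local_net=$1 remote_net=$2 wan_if=$3
    while read -r line; do
        src= dst= out= target= neg=0 src_neg=0 dst_neg=0 out_neg=0
        set -f; set -- $line; set +f # split the rule into words, no globbing
        while [ $# -gt 0 ]; do
            case $1 in
                '!') neg=1; shift; continue ;;
                -s) src=$2; src_neg=$neg ;;
                -d) dst=$2; dst_neg=$neg ;;
                -o) out=$2; out_neg=$neg ;;
                -j) target=$2 ;;
            esac
            neg=0; shift
        done
        field_hits "$out" "$wan_if" "$out_neg" || continue
        field_hits "$src" "$local_net" "$src_neg" || continue
        field_hits "$dst" "$remote_net" "$dst_neg" || continue
        case $target in
            MASQUERADE|SNAT) printf '%s\n' "$line"; return 1 ;;
            ACCEPT|RETURN)   return 0 ;;  # exempted before any NAT rule
        esac
    done
    return 0
}

# Constructed sample rule sets for the left-hand device (before and after).
before='-A POSTROUTING -s 172.168.1.0/24 -o eth0 -j MASQUERADE'
after='-A POSTROUTING -s 172.168.1.0/24 ! -d 10.0.0.0/24 -o eth0 -j MASQUERADE'
for rules in "$before" "$after"; do
    if printf '%s\n' "$rules" | nat_leaks 172.168.1.0/24 10.0.0.0/24 eth0
    then echo "OK: tunnel traffic is not translated"
    else echo "LEAK: rule above would NAT tunnel traffic"; fi
done
```

On a live gateway, pipe `iptables -t nat -S POSTROUTING` into `nat_leaks` with that device's own local network, remote network and Internet-facing interface.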

