On 19 Mar, 11:58, Pascal Hambourg wrote:
> Hello,
>
> Sandro wrote:
>
> > Hi, I have to configure an IPsec tunnel between a Netgear DG834 and a
> > Linux box with Debian Sarge.
> > The IPsec tunnel goes up and if I try to ping from the Netgear to every
> > machine of the Linux LAN it works. But if I ping from the Linux LAN to
> > the Netgear's LAN it doesn't work.
> [...]
> > -A POSTROUTING -o eth1 -s 192.168.0.0/255.255.255.0 -j MASQUERADE
>
> You should exclude the IPsec traffic (both encapsulated and
> decapsulated) from the masquerading:
>
> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 \
>     -d ! 192.168.1.0/24 -j MASQUERADE
>
> PS: if eth1 has a fixed IP address you could use SNAT instead of
> MASQUERADE.
Thank you, it works!!
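
A check for the misconfiguration discussed in this thread, added here as an example and not written by either poster: it scans `iptables-save`-style POSTROUTING rules and reports any MASQUERADE/SNAT rule that can still rewrite traffic from the local LAN to the tunnel's remote LAN. The helper names are hypothetical, the sample rules are constructed from the ones quoted above, and the two subnets are the ones appearing in those rules.

```python
import ipaddress
import shlex

FLAGS = {"-A": "chain", "-o": "out", "-s": "src", "-d": "dst", "-j": "target"}
NAT_TARGETS = {"MASQUERADE", "SNAT"}

def parse_rule(line):
    """Parse one rule; accepts '! -d NET' and the older '-d ! NET' negation."""
    rule = {"neg": set()}
    tokens = shlex.split(line)
    negate = False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True                  # applies to the next option
        elif tok in FLAGS and i + 1 < len(tokens):
            key = FLAGS[tok]
            i += 1
            if tokens[i] == "!":           # old syntax: -d ! NET
                negate = True
                i += 1
            rule[key] = tokens[i]
            if negate:
                rule["neg"].add(key)
            negate = False
        i += 1
    return rule

def can_match(rule, key, net):
    """True if the rule's -s/-d selector can match some address inside net."""
    if key not in rule:
        return True                        # no selector: matches everything
    rule_net = ipaddress.ip_network(rule[key], strict=False)
    if key in rule["neg"]:
        return not net.subnet_of(rule_net)
    return rule_net.overlaps(net)

def find_offending(rules_text, local, remote):
    """Return NAT rules that would rewrite traffic going local -> remote."""
    local_net = ipaddress.ip_network(local)
    remote_net = ipaddress.ip_network(remote)
    hits = []
    for line in (l.strip() for l in rules_text.splitlines()):
        if not line.startswith("-A"):
            continue
        r = parse_rule(line)
        if (r.get("chain") == "POSTROUTING" and r.get("target") in NAT_TARGETS
                and can_match(r, "src", local_net) and can_match(r, "dst", remote_net)):
            hits.append(line)
    return hits

# Constructed sample rules, based on the rules quoted in the thread.
ORIGINAL = "-A POSTROUTING -o eth1 -s 192.168.0.0/255.255.255.0 -j MASQUERADE"
FIXED_OLD = "-A POSTROUTING -o eth1 -s 192.168.0.0/24 -d ! 192.168.1.0/24 -j MASQUERADE"
FIXED_NEW = "-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.1.0/24 -o eth1 -j MASQUERADE"
```
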