[strongSwan] IPtables -d or marking of ipsec traffic
lux-integ
lux-integ at btconnect.com
Fri Mar 29 23:16:26 CET 2013
Dear All,

This is a strongSwan [IPsec]/iptables question:

Suppose I have a computer with network interfaces ppp+ and eth0 of fixed
address, say 172.16.0.1.
I have IPsec traffic coming through the ppp0 interface which I want to send to
another network to which eth0 is attached. Suppose this other network sits on
a 10.10.10.0 subnet.

In my iptables script (for the computer with the ppp+ interface), could I
have a line such as the following therein:

    iptables \
        --append INPUT \
        --match policy \
        --pol ipsec \
        --dir in \
        --in-interface ppp0 \
        --destination 10.10.10.10

though I do not have the 10.10.10.0 on this machine?

Alternatively, if this is not possible, is there a way to mark the packets to
identify their destination prior to sending them on?

Advice would be appreciated.

Sincerely,
luxInteg
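
An added example, not part of the original post: an iptables-restore ruleset covering both options the question raises, marking decapsulated IPsec packets by destination and matching them in FORWARD, the chain that packets not addressed to the gateway itself traverse. The /24 mask, the mark value 0x1 and the default policies are assumptions; the interfaces and the 10.10.10.0 network are taken from the post.

```iptables
# Constructed example in iptables-restore format; not from the original post.
# Assumed: 10.10.10.0/24 as the remote subnet's mask, 0x1 as the mark value.
*mangle
:PREROUTING ACCEPT [0:0]
# Tag packets that arrived on ppp0, were decapsulated by an IPsec policy,
# and are headed for the network behind eth0.
-A PREROUTING -i ppp0 -m policy --pol ipsec --dir in -d 10.10.10.0/24 -j MARK --set-mark 0x1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Routed traffic is filtered in FORWARD; INPUT only sees packets whose
# destination is an address of this host, so a rule there with
# --destination 10.10.10.10 would never match.
-A FORWARD -o eth0 -m mark --mark 0x1 -j ACCEPT
# Replies from the 10.10.10.0/24 side back towards the tunnel.
-A FORWARD -i eth0 -o ppp0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

The mark is local to this host's kernel and is not carried in the packet once it leaves eth0.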