[strongSwan] PAT

Noel Kuntze noel at familie-kuntze.de
Fri Feb 26 21:54:44 CET 2016


Hello Sean,
       
Please always send your email to the mailing list, too.
The scenario only shows the *filter table of iptables, but NAT rules are in the *nat table.
You need to look at the source of the scenario in the repository to see all the rules.

It's really not that fancy. The iptables target is described on the man page for `iptables` or `iptables-extensions`.


On 26.02.2016 21:42, Sean Courtney wrote:
> HI,
>
> I did look at the example outlined here before posting.
>
> https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/
>
> The example uses NETMAP to translate subnets into new subnets with the
> same subnet mask.
>
> I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do PAT?
>
> I must be overlooking something so obvious.
>
> Thanks
>
> On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>> > Hello Sean,
>> >
>>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT an
>>> >> entire subnet with StrongSwan?
>> > Handling the traffic is done in the kernel.
>> > Use the NETMAP target in iptables and negotiate policies that secure the traffic between
>> > your desired subnet and the remote side.
>> >
>> > --
>> >
>> > Mit freundlichen Grüßen/Kind Regards,
>> > Noel Kuntze
>> >
>> > GPG Key ID: 0x63EC6658
>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> >
>> >
>
> -- Sean Courtney Ph - 410 878 7833


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160226/f770f15e/attachment.pgp>


More information about the Users mailing list