[strongSwan] PAT

Sean Courtney scourtney2000 at gmail.com
Fri Feb 26 22:07:20 CET 2016


Hi Noel,

I looked at the man for iptables-extensions. i guess i don't want
netmap at all...i want snat. Does strongswan support snat?

Thanks,
Sean

On Fri, Feb 26, 2016 at 3:54 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello Sean,
>
> Please always send your email to the mailing list, too.
> The scenario only shows the *filter table of iptables, but NAT rules are in the *nat table.
> You need to look at the source of the scenario in the repository to see all the rules.
>
> It's really not that fancy. The iptables target is described on the man page for `iptables` or `iptables-extensions`.
>
>
> On 26.02.2016 21:42, Sean Courtney wrote:
>> HI,
>>
>> I did look at the example outlined here before posting.
>>
>> https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/
>>
>> The example uses NETMAP to translate subnets into new subnets with the
>> same subnet mask.
>>
>> I want to do PAT. Is there an example of NETMAP doing PAT? Can NETMAP do PAT?
>>
>> I must be overlooking something so obvious.
>>
>> Thanks
>>
>> On Fri, Feb 26, 2016 at 3:12 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>> > Hello Sean,
>>> >
>>>> >> I really want to PAT my IPSEC'd subnets. Is there anyone to PAT an
>>>> >> entire subnet with StrongSwan?
>>> > Handling the traffic is done in the kernel.
>>> > Use the NETMAP target in iptables and negotiate policies that secure the traffic between
>>> > your desired subnet and the remote side.
>>> >
>>> > --
>>> >
>>> > Mit freundlichen Grüßen/Kind Regards,
>>> > Noel Kuntze
>>> >
>>> > GPG Key ID: 0x63EC6658
>>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>> >
>>> >
>>
>> -- Sean Courtney Ph - 410 878 7833
>
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>



-- 
Sean Courtney
Ph - 410 878 7833


More information about the Users mailing list