[strongSwan] Why doesn't table 220 change forwarded packets source IP address?
Richard Chan
richard at treeboxsolutions.com
Sat Nov 5 18:01:57 CET 2016
Hi, in the roadwarrior configuration, from a conceptual point of view, why
doesn't table 220 change the source IP address of forwarded packets (say
the roadwarrior has a subnet behind it)?

# ip ro sho table 220
10.0.0.0/8 via 192.168.1.1 dev eth0 proto static src 10.2.0.3

# ip rule show
0: from all lookup local
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default

The roadwarrior has a separate subnet 192.168.2.0/24 and is forwarding/NAT'ing
packets. When I ping a host on the central site LAN:

- OUTPUT chain sees the source IP address as 10.2.0.3 (table 220 is working!)
- FORWARD chain sees the source IP address as 192.168.2.X (host cannot be
  reached until these packets are SNAT'ed to 10.2.0.3)

--
Richard Chan