masquerade & ipsec
Stephen Clark
Stephen.Clark at seclark.us
Sun Jul 2 00:57:34 CEST 2006
Hello,
I am running kernel 2.6.16-1.2115_FC4 - I have a network that looks like this:
FreeBSD: 10.0.128.0/17 <-> 10.0.254.254-65.162.x.x
ipsec tunnel
FC-4: 24.x.x.x-192.168.2.1 <-> 192.168.2.0/24
Some change recently caused masquerading to happen on my FC-4 box before ipsec happens, so my packets from my 192.168.2.0/24 network have the source address changed to my external interface address and don't get picked up by the SA. If I turn off masquerading then ipsec works again. I didn't use to have this problem.
Ideas?
TIA,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
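The ordering problem described in this message, modelled as an added example that is not part of the original post: source NAT in nat/POSTROUTING runs before the IPsec policy lookup, so a masqueraded packet no longer matches the tunnel selector unless an exemption rule precedes MASQUERADE. The external address 203.0.113.1 and the function and rule-list names are assumptions made for illustration; the two subnets come from the post.

```python
import ipaddress

# The post masks its public IPs (24.x.x.x / 65.162.x.x), so a documentation
# address stands in for the FC-4 external interface (constructed placeholder).
EXTERNAL_IP = ipaddress.ip_address("203.0.113.1")
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")   # from the post
REMOTE_NET = ipaddress.ip_network("10.0.128.0/17")   # from the post

# Outbound IPsec policy selectors: (source net, destination net).
SPD = [(LOCAL_NET, REMOTE_NET)]

def postrouting_nat(src, dst, rules):
    """Walk nat/POSTROUTING rules in order; the first match decides the source."""
    for rule_src, rule_dst, target in rules:
        if src in rule_src and (rule_dst is None or dst in rule_dst):
            return EXTERNAL_IP if target == "MASQUERADE" else src
    return src

def matches_policy(src, dst):
    """True if the (possibly rewritten) packet still matches an IPsec selector."""
    return any(src in s and dst in d for s, d in SPD)

def send(src, dst, rules):
    """Model the order described in the post: NAT first, then IPsec lookup."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    natted = postrouting_nat(src, dst, rules)
    path = "esp-tunnel" if matches_policy(natted, dst) else "cleartext"
    return str(natted), path

# Hypothetical rule sets: a lone MASQUERADE rule, and the same rule preceded
# by an exemption for tunnel-bound traffic, equivalent in intent to:
#   iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -d 10.0.128.0/17 -j ACCEPT
MASQ_ONLY = [(LOCAL_NET, None, "MASQUERADE")]
WITH_EXEMPT = [(LOCAL_NET, REMOTE_NET, "ACCEPT")] + MASQ_ONLY

if __name__ == "__main__":
    for name, rules in (("masq only", MASQ_ONLY), ("with exempt", WITH_EXEMPT)):
        print(name, send("192.168.2.10", "10.0.130.5", rules))
```

With only the MASQUERADE rule, tunnel-bound traffic leaves in cleartext from the external address, which is the exposure to watch for when a firewall or kernel change alters rule ordering.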