kernel 2.6 ipsec and DNAT

Javier Sanchez sjllera at
Mon Sep 13 12:32:49 CEST 2004

I need NAT because the internal IPs are private, and the firewall is a
little server I have at home; I don't think about getting another server.
So all the services are on it: Quake server, Enemy Territory, VoIP, FTP,
HTTP, VPNs...

Gateway and clients are on the same subnet, but there's more than one NIC
on the server to separate and control the traffic in a better way.


> >Hi all,
> >I have recently discovered on the list that more people are suffering the
> >NAT problem with IPsec VPN tunnels on 2.6.x kernels. Does anyone know if
> >it's fixed on ??
> >The unique way I found to bypass the NAT problem is using a proxy server
> >(squid), not the best solution but for now I'm able to surf the web .-)
> Hi all
> Sorry for my ignorance.
> But why would NATing a VPN tunnel be a problem?
> Are there certain requirements for creating a tunnel?
> Can the VPN server \ client be on the same box as the iptables
> gateway\router\firewall?
> If I remember from Anthony Stone (who seems to be missing in action, anyone
> know why) correctly, it's best to not have
> any services running on fw.
> Just something I was wondering.
> Kind Regards
> Brent Clark.
GPG Key id: 0x0EF8926E
GPG: Server -

More information about the netfilter mailing list