Re: routing through FreeS/WAN
For those net-challenged - as I sometimes have found myself to be - it
would be REALLY useful to jot down a few things that you did to solve your
problem. Start with the problem and a simple diagram (change real IP
numbers to non-routables or something so you don't compromise your
security), then walk us through your solution (include the hair you pulled
and the pain that prompted the scream for help). I, for one, would
definitely appreciate it!
;)
At 04:41 PM 4/4/03 -0600, you wrote:
>I figured it out. I needed to add a PREROUTING rule to the right side's
>iptables and DNAT the 200.0.14.0/24 network to the LAN IP of the gateway
>in the left side.
>
>Thanks anyway.
>On Fri, 2003-04-04 at 16:09, Dan Fleischer wrote:
> > ****** I NEED TO GET TO THE 200.0.14.0/24 (private) NETWORK ACROSS MY
> > VPN********
> >
> > I'm running FreeS/WAN AND iptables on RH7.3 with all ports on all IPs
> > are available from each LAN across the VPN (ping, telnet, ssh, terminal
> > server, etc.). I'm having problems getting one VPN gateway to ping or
> > ssh to the LAN IP of the other VPN gateway (or any other host on the
> > other LAN), which I normally would like, but I suspect that is leading
> > to the following problem
> >
> > Here's my layout:
> >
> > LEFT
> > leftnexthop:63.252.12.1
> > WAN:63.252.12.11
> > LAN:192.168.1.1, net 192.168.1.0/24
> > Internal router 192.168.1.254 is gw to 200.0.14.0/24, a private line to
> > our ASP by adding the following rule to iptables to use that default
> > route:
> >
> > /sbin/iptables -A FORWARD -i $IF_LAN -o $IF_LAN -d 192.168.1.254 \
> > -j ACCEPT
> >
> > Right
> > rightnexthop:216.176.82.254
> > WAN:216.176.82.64
> > LAN:10.4.1.1, net 10.4.0.0/16
> >
> > ****** I NEED TO GET TO THE 200.0.14.0/24 NETWORK ACROSS MY VPN********
> >
> > How would I configure iptables or FreeS/WAN or both to allow for this?
> >
> > I've tried to add the following routes individually to the right vpn
> > gateway, but was unsuccessful:
> > /sbin/route add -net 200.0.14.0 netmask 255.255.255.0 gw 10.4.1.1 ipsec0
> > /sbin/route add -net 200.0.14.0 netmask 255.255.255.0 gw 192.168.1.254 ipsec0
> >
> > How could I get this routed across my VPN?
> >
> > --
> > Dan Fleischer
> > Systems Administrator
> > Bank & Trust Co.
> > 401 N. Madison St.
> > Litchfield, IL 62056
> >
> > Ph. 217-324-3935
> > http://www.bank-and-trust.com
> >
> >
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> >
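The fix described in the quoted reply, reconstructed as an added example (not the poster's actual rule, which the thread does not show). It assumes the tunnel only carries traffic between the two LAN subnets listed in the post; `IF_LAN=eth1`, the `-i` match, the function names and the sample destinations are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Addresses come from the thread; names are illustrative.
LEFT_NET=192.168.1.0/24    # left LAN, assumed to be the tunnel's left subnet
LEFT_GW_LAN=192.168.1.1    # LAN IP of the left gateway
ASP_NET=200.0.14.0/24      # reached via internal router 192.168.1.254
IF_LAN=eth1                # assumed LAN interface of the right gateway

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/LEN: true when ADDR lies inside NET/LEN.
in_cidr() {
    addr=$(ip2int "$1"); net=$(ip2int "${2%/*}"); len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Does a packet from the right LAN to DST match the tunnel?
tunnel_carries() { in_cidr "$1" "$LEFT_NET"; }

# Destination after the PREROUTING DNAT on the right gateway.
after_prerouting() {
    if in_cidr "$1" "$ASP_NET"; then echo "$LEFT_GW_LAN"; else echo "$1"; fi
}

# The rule itself, printed rather than applied.
dnat_rule() {
    echo "/sbin/iptables -t nat -A PREROUTING -i $IF_LAN -d $ASP_NET" \
         "-j DNAT --to-destination $LEFT_GW_LAN"
}

for dst in 200.0.14.25 192.168.1.50; do   # constructed sample destinations
    new=$(after_prerouting "$dst")
    if tunnel_carries "$dst"; then before=yes; else before=no; fi
    if tunnel_carries "$new"; then after=yes; else after=no; fi
    echo "$dst: in tunnel before DNAT=$before, rewritten to $new, after=$after"
done
dnat_rule
```

Because the rule maps the whole /24 to a single address, every 200.0.14.x destination arrives at 192.168.1.1; what answers there depends on the left gateway's own configuration, which the thread does not show.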