I have a system with two interfaces: eth0 is on the Internet, eth1 on an internal connection. Because of using ipsec and its internal routing, I need certain connections to be made from the internal interface that will be going out over the ipsec0 device. For example:

    eth0:   1.2.3.4      (internet address)
    ipsec0: 1.2.3.4      (always the same as the external interface)
    eth1:   192.168.0.1  (internal address)

ping -n 192.168.1.1 (over VPN) attempts to send a ping from 1.2.3.4 because ipsec0's interface address is 1.2.3.4.

How can I get arbitrary connects, based on destination, to be sourced from 192.168.0.1 instead of 1.2.3.4? I'm assuming some basic source NATting is required; off to read the docs again ...

-- 
Michael T. Babcock
CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/
On Mon, Dec 24, 2001 at 03:57:24PM -0500, Michael T. Babcock wrote:

> I'm assuming some basic source NATting is required; off to read the
> docs again ...

I hate self-follow-ups, but after reading the SNAT target for iptables, that's exactly what I need, except on a 2.2.19 kernel. I'd love to migrate to 2.4.x but we have a driver that doesn't work properly on 2.4, so we're stuck on 2.2.x for the reasonable future.

Any way to do SNAT or another way to do what I described using 2.2.x?

-- 
Michael T. Babcock
CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/
> Any way to do SNAT or another way to do what I described using 2.2.x?

You could try something like:

    ip route add 192.168.1.0/24 dev ipsec0 src 192.168.1.1
                                           ^^^^^^^^^^^^^^^

To enforce specific source-address selection.

Jerome Petazzoni <skaya at enix dot org>
-- 
'I'll tell you this!' shouted Rincewind. 'I'd rather trust me than history! Oh, shit, did I just say that?' (Interesting Times)
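An added example, not part of the thread and not written by either poster: a small script that installs the route with the `src` hint and then asks the kernel, via `ip route get`, which source address it will actually pick for a destination on the far side of the tunnel. It assumes the addresses from the original post (eth1 = 192.168.0.1, remote VPN subnet 192.168.1.0/24 reached over ipsec0) and uses 192.168.0.1 as the preferred source, which is the address the original poster asked for. The `ip route get` output lines handed to route_src are constructed samples of the kernel's usual format; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumed layout, taken
# from the original post: eth1 is 192.168.0.1, the remote VPN subnet
# 192.168.1.0/24 is reached over ipsec0, and locally originated traffic to
# that subnet should carry 192.168.0.1 as its source address.
VPN_NET=192.168.1.0/24
VPN_DEV=ipsec0
SRC_ADDR=192.168.0.1

# Pull the "src X" field out of one line of `ip route get` output.
# Prints nothing when the line carries no src hint, e.g.
#   "192.168.1.1 dev ipsec0  src 192.168.0.1"  ->  192.168.0.1
#   "192.168.1.1 dev ipsec0"                   ->  (empty)
route_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Install (or overwrite) the route that carries the preferred source.
# "replace" instead of "add" so re-running the script is harmless.
install_route() {
    ip route replace "$VPN_NET" dev "$VPN_DEV" src "$SRC_ADDR"
}

# Verify what the kernel will really do for one destination: `ip route get`
# performs the same lookup a new socket would, including source selection.
check_src() {
    dst=$1
    line=$(ip route get "$dst" 2>/dev/null | head -n 1)
    chosen=$(route_src "$line")
    if [ "$chosen" = "$SRC_ADDR" ]; then
        echo "ok: $dst will be sourced from $chosen"
        return 0
    fi
    echo "mismatch: $dst would be sourced from '${chosen:-?}' (want $SRC_ADDR)" >&2
    return 1
}

# Only touch the routing table when run as root on the real host and
# explicitly asked to (APPLY=1), so the file is safe to source or lint.
if [ "$(id -u)" = 0 ] && [ -n "${APPLY:-}" ]; then
    install_route
    check_src 192.168.1.1
fi
```

Run it as `APPLY=1 sh script.sh` as root; without APPLY it defines the functions and changes nothing. Two caveats worth knowing: the `src` hint on a route is only a preference for sockets that have not bound a source address themselves (a `ping -I 1.2.3.4` or an application calling bind() still wins), and `ip route get` is the check to trust rather than reading `ip route` back, because it reports the source the kernel selects after the full lookup. The `ip` tool is iproute2, which was written for the 2.2 series, so this does not require the 2.4 netfilter SNAT target.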