hi,
we got an ipsec-box here that's set up to tunnel to another
vpn-gateway. the users on the LAN behind the other ("remote", "right")
vpn-gateway are using 10.10.x.x addresses and they want us to use
addresses from 10.10.x.x so that they can reach our local machines via
routing decisions on their vpn-gateway (apparently a cisco-box).
the problem is that we are on a 192.168.x.x-network.
I was able to set up the vpn-tunnel so that a client-box from the
remote lan with f.ex. 10.10.1.5 can ping 192.168.0.5 on our lan.
when the packets are passing through my vpn-gateway I have to change
the source-IP because it is not the default gateway of my network.
$iptables -t nat -A POSTROUTING -s 10.10.1.0/24 -j SNAT --to-source 192.168.0.8
that works fine.
but now the other side wishes to connect to f.ex. 10.20.1.5 when they
in fact want to connect to 192.168.0.5 on my lan. how is it possible to
"translate" an ipaddress 10.20.1.5 to 192.168.0.5 on my vpn-gateway?
I tried it with
$iptables -t nat -A PREROUTING -d 10.20.1.5 -j DNAT --to-destination 192.168.0.5
but that does not work. the only thing I can see is on the
WAN-interface of my vpn-gateway that 192.168.0.5 wants to go back via
the internet to the other vpn-gateway and of course that can't work :-(
any suggestions?
thanx a lot in advance!
lasseboo