Can2002 wrote:
> I have established an IPSEC tunnel between a Linux host and a Check Point
> firewall using the inbuilt IPSEC support of the 2.6 kernel together with
> Racoon.
>
> My problem is that I have two networks behind the Linux host, one of which
> conflicts with the subnet behind the CP firewall. I only need to initiate
> connections from the Linux side on the conflicting network, so I want to
> translate the source IP of packets passing over the tunnel to that of my
> other Linux-based network.
>
> I've created the NAT rule (using fwbuilder); however the firewall is routing
> the packet rather than passing it over the IPSEC tunnel.
>
> Does anyone know if what I'm trying to achieve is possible on my Linux host?

Assuming this is still of interest (I haven't been following the group),
I think you can use the MARK feature to identify the packets to be sent,
and then source routing to force the packets out the tunneled interface.
--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com