RE: kernel 2.6 ipsec and DNAT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Javier Sanchez <sjllera@ya.com>
To: Brent Clark <bclark@eccotours.biz>
Cc: netfilter@lists.netfilter.org
Subject: RE: kernel 2.6 ipsec and DNAT
Date: Mon, 13 Sep 2004 12:32:49 +0200	[thread overview]
Message-ID: <1095071569.27900.963.camel@cluster> (raw)
In-Reply-To: <HAEOIFPIBBBLGLHOMLLIMEFACMAA.bclark@eccotours.biz>



I need nat because the internal ips are private, and the firewall is a
little server i have at home, i dont think about getting another server.
So all the services are on it, quake server, enemy territory, voip, ftp,
http, vpns...

Gateway and clients are on the same subnet, but theres more than one nic
on the server to separate and control the traffic in a better way.

Cheers

?A
> >Hi all,
> 
> >i have recently discovered on the list that more people is suffering the
> >nat problem with ipsec vpn tunnels on 2.6.x kernels, does anyone know if
> >its fixed on 2.6.8.1 ??
> 
> >The unique way i found to bypass the nat problem is using a proxy server
> >(squid), not the best solution but for now im able to surf the web .-)
> 
> Hi all
> 
> Sorry for my ignorance.
> 
> But why would nat a vpn tunnel be a problem.
> Are there certain requirement for creating tunnel.
> Can the vpn server \ client be on the same box as the iptables
> gateway\router\firewall.
> 
> If I remember from Anthony Stone (who seems to be missing in action, anyone
> know why) correctly, its best to not have
> any services running on fw.
> 
> just something I was wondering.
> 
> Kind Regards
> Brent Clark.
> 
> 
> 
-- 
GPG Key id: 0x0EF8926E
GPG: Server - gpg.rediris.es

next prev parent reply	other threads:[~2004-09-13 10:32 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-09-13  9:48 kernel 2.6 ipsec and DNAT Javier Sanchez
2004-09-13 10:29 ` Brent Clark
2004-09-13 10:32   ` Javier Sanchez [this message]
2004-09-16  5:25   ` Michael Leun
  -- strict thread matches above, loose matches on Subject: below --
2004-09-03 17:01 Alain RICHARD
2004-09-03 22:31 ` Alexander Samad
2004-09-10  6:13   ` Michael Leun
2004-09-10  6:59     ` Alexander Samad

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1095071569.27900.963.camel@cluster \
    --to=sjllera@ya.com \
    --cc=bclark@eccotours.biz \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.