IPTables NAT - Excluding Subnets for IPSec VPN
Good Morning!
I have a Ubuntu 10.10 box on which I've developed an IPTables firewall script, and it is forwarding my ports correctly. This server also runs an Openswan VPN server with 2 VPNs, which is also working well. I have come across a small snag with excluding the multiple VPN subnets I have from the NAT on this box. I have the line in my configuration file:

Code:
-A POSTROUTING -o eth1 -s 10.172.1.0/24 -d ! 192.168.5.0/24 -j MASQUERADE

Which, when added to IPTables, does make the VPN come to life. But I can't seem to get it to add the second subnet. Unfortunately, I can't do a blanket exclusion such as 192.168.0.0/16 because the second VPN is on a Class B subnet address which I cannot change.

Is there anything obvious I'm doing wrong? This seems like a relatively straightforward procedure, but Google didn't turn up very helpful responses. So if anyone out there can help, it would be very much appreciated :)

Cheers, BF
It is not necessary to use one rule for everything. You can add as many matching rules as you like, one per subnet.
I know it's too late to answer, but I was looking for an answer to do exactly this and could not find any, so I'm answering for someone else that needs it. For this to work you need to use ipset:
Code:
ipset create ipsecvpn hash:net
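Putting the two answers together, here is an added example (not code from the thread) that generates the nat-table rules both ways: one ACCEPT rule per VPN subnet placed before the MASQUERADE rule, and a single MASQUERADE rule that negates an ipset match. It assumes eth1 as the WAN interface and 10.172.1.0/24 as the LAN (both from the question); 172.16.0.0/16 is a constructed stand-in for the unspecified second VPN subnet, and the set name ipsecvpn comes from the reply above.

```shell
#!/bin/sh
# Added example: exclude several IPsec remote subnets from MASQUERADE.
# Assumptions: eth1 = WAN interface, 10.172.1.0/24 = LAN (from the question).
# 172.16.0.0/16 is a constructed placeholder for the second VPN subnet.
WAN_IF=eth1
LAN_NET=10.172.1.0/24
VPN_NETS="192.168.5.0/24 172.16.0.0/16"

# Approach 1: plain iptables, one rule per subnet (iptables-restore syntax).
# Each ACCEPT in POSTROUTING stops rule traversal, so traffic to a VPN
# subnet leaves un-NATed; the MASQUERADE rule must come last.
nat_rules_plain() {
    printf '%s\n' '*nat'
    for net in $VPN_NETS; do
        printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -d $net -j ACCEPT"
    done
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    printf '%s\n' 'COMMIT'
}

# Approach 2: ipset. The set holds every VPN subnet, and one MASQUERADE
# rule matches "destination NOT in set". Adding a third VPN later only
# needs another "ipset add"; the iptables rule stays untouched.
ipset_commands() {
    printf '%s\n' 'ipset create ipsecvpn hash:net'
    for net in $VPN_NETS; do
        printf '%s\n' "ipset add ipsecvpn $net"
    done
}

nat_rules_ipset() {
    printf '%s\n' '*nat'
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -m set ! --match-set ipsecvpn dst -j MASQUERADE"
    printf '%s\n' 'COMMIT'
}

# "apply" loads the ipset variant into the running kernel (needs root and
# the ipset tool); with no argument the generated rules are only printed,
# so the script can be reviewed before anything is changed.
case "${1:-}" in
    apply)
        ipset_commands | sh
        nat_rules_ipset | iptables-restore --noflush
        ;;
    *)
        nat_rules_plain
        ipset_commands
        nat_rules_ipset
        ;;
esac
```

Whichever approach you pick, verify the result with `iptables -t nat -L POSTROUTING -v -n` and confirm that the counters on the exclusion rules increase when you send traffic to a VPN peer.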