Iptables, NAT'ing and VPN's

Jonty · Posted: Thu Dec 01, 2005 1:47 pm Post subject: Iptables, NAT'ing and VPN's

Hi,

I would like to setup my box to provide network management to some small remote clients via VPN's (openswan). I would like to setup a fake IP address range to represent their network. This ensures, at least form the management point of view (Nagios/MRTG etc) that the hosts have unique addresses. I would then like NAT to translate these address back to the 'real' ones, and then have that VPN'ed. I have tried to get IPTABLES to pre-NAT the destination address, but I can't seem to get it to work. Does the fact that the host is the one generating the packets, NAT'ing them and VPN'ing them make this more complicated?

Hope that makes sense,

Jonty
_________________
Alas, I am dying beyond my means.

slam_head · Posted: Thu Dec 01, 2005 7:00 pm Post subject:

My office has the following setup. Three locations VPN'd together using openvpn. The NAT and iptables are managed through shorewall, and we have nagios(client), and snort(server) running on the machine. We use a different class c for each office. I.E.

Office A = 10.0.0.0 / 255.255.255.0
Office B = 10.0.1.0 / 255.255.255.0
Office C = 10.0.2.0 / 255.255.255.0

The VPN is set up as a full mesh so each office has a tun0 and tun1 interface going to each other office.

Jonty · Posted: Fri Dec 02, 2005 1:32 am Post subject:

Thanks for your time slam_head
_________________
Alas, I am dying beyond my means.