Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] FreeS/wan trough NATing Router
>> 192.168.1.0/24 as Subnet1 -->
>> 192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1-->
>> 192.168.10.11 : ext.ip.addr.no1 as external router does nat -->
>> INTERNET
>> INTERNET <-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
>> 192.168.2.0/24 as Subnet 2

>Your config looks screwed to me. I might be misunderstanding you (I can't see
>where the hell the ip 10.10.10.1 comes into things, for example), but your
>definition of the problem makes no sense. For example,

>192.168.10.11 is this machine a gateway?

Yes, but I do not own it, that's why double NAT comes into play

>What's the gateway at the other end? You don't seem to mention one.

ext.ip.addr.no2 : 192.168.2.1 , that does NAT for subnet 2

>Does this mean you don't use NAT the other end?

Both FreeS/Wan Router 1 as well as FreeS/Wan Router 1 are my boxes
and are doing NAT-gateway for Subnet 1 & 2

>but from the ip of the freeswan
>machine, you use 192.168.2.1, which means you do use nat, yes?

as above

>Also, are the ext ip addresses fixed?

Yes

>In theory, the machines running freeswan would need external (fixed) IPs
>to communicate.

That's the point here, subnet 1 gets double NATed through 10.10.10.1 and
ext.ip.addr.no1

>If both sites are behind NAT walls, how does your external router know how
>to route traffic between the subnets?

Only one side is behind a NAT wall. Just an example

192.168.1.100 to 192.168.2.200 :

192.168.1.100 --- [gateway]---> 192.168.1.1 [NAT] 10.10.10.1 --[gateway]-->
10.10.10.11[NAT] ext.ip.addr.no1 ---> INTERNET ROUTING
--->ext.ip.addr.no2 [NAT]192.168.2.1----->[gateway]--->192.168.200.200

I've got no routing problem until now, but the message:

initial Main Mode message received on ext.ip.addr.2 :500 but no connection has been authorized

Further ideas ???

Thx in advance

Michael

