Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] FreeS/wan trough NATing Router
>> as Subnet1 -->
>> : as FreeS/Wan Router 1-->
>> : ext.ip.addr.no1 as external router does nat -->
>> INTERNET <-- ext.ip.addr.no2 : : as FreeS/Wan Router 2
>> as Subnet 2

>your config looks screwed to me. I might be misunderstanding you (I can't see
>where the hell the ip comes into things, for example), but your
>definition of the problem makes no sense. For example,

> is this machine a gateway?

Yes, but I do not own it; that's why double NAT comes into play.

>what's the gateway at the other end? you don't seem to mention one.

ext.ip.addr.no2 : , that does NAT for subnet 2

>Does this mean you don't use NAT the other end?

Both FreeS/Wan Router 1 as well as FreeS/Wan Router 1 are my boxes
and doing NAT-gateway for Subnet1&2

>but from the ip of the freeswan
>machine, you use, which means you do use nat, yes?

as above

>Also, are the ext ip addresses fixed?


>in theory, the machines running freeswan would need external (fixed) IPs
>to communicate.

That's the point here, subnet 1 gets double NATed through and

>If both sites are behind nat walls, how does your external router know how
>to route traffic between the subnets?

Only one side is behind a NAT wall. Just an example to : --- [gateway]---> [NAT] --[gateway]-->[NAT] ext.ip.addr.no1 ---> INTERNET ROUTING
--->ext.ip.addr.no2 [NAT]>[gateway]--->

I've got no routing problem until now, but the message:

initial Main Mode message received on ext.ip.addr.2 :500 but no connection has been authorized

Further ideas?

Thx in advance

