Which is first - chicken or egg?

Brett Worth brettw at cray.com.au
Mon Apr 15 10:49:24 EST 2002

On Mon, 15 Apr 2002, Howard Lowndes wrote:

> I am trying to set up IPSec tunnels in an environment where the external
> interface of the router/tunnel box has a NAT'd address using netfilter,
> and for some reason the inbound packets arn't being DNAT'd as I want them.

Are we talking about FreeS/WAN here?  One thing I'm not sure about in your
description is why you have to do NAT.  You say your upstream provider is
giving you an RFC1918 address.  Are you then doing another translation for
machines behind you?

> BTW, I am having to DNAT because the upstream carrier uses RFC1918
> addresses at their interface.

I'm using FreeS/WAN at home with a dynamic IP address given to me by
WebOne.  I then do rsasig authentication to the server and vice-versa so I
dont need a consistent IP address.


More information about the linux mailing list