On Wed, Aug 22, 2001 at 09:14:23PM -0400, Jay Berkenbilt wrote:
> This is a different situation from what we are talking about. You are
> masquerading packets that arrive at your gateway and are decrypted
> there to your Internet address. The masqueraded packets are going out
> through eth0. The situation we are describing is that we want the
> masqueraded packets to go through cipe.
> Your situation:
> host 1 <--- cipe ---> gateway < ----> internet
> gateway masquerades host1 as gateway.
> Our situation:
> host 1 <--- local net ---> gw1 <--- cipe ---> gw2
> we want host1 to masqueraded as gw1 to gw2.
> Put still another way, your source addresses are on the other side of
> your cipe interfaces. Our destination addresses are on the other side
> of our cipe interfaces.
> So your situation is actually not masquerading through cipe at all.
> The packets have left the VPN before they get masqueraded. No
> interaction between cipe and iptables is required.
hmm okay, hadnt realised, also have not needed to try masquerading before the
cipe link, what stops you all from masquerading on the other end of the cipe
link? Just wondering...
Look Up In The Sky
Is it a bird? No
Is it a plane No
Is it a small blue banana?