iptables, FC6 and openswan

Fedora 6 running openswan.

I have run into an interesting iptables problem. I'd like to source NAT my external address to my internal address when it goes out to a specific subnet. I guess this would be an easy source NAT rule, but here is the catch: one address (my IPsec endpoint, which is in the same subnet on the other side) has to be excluded. Also, I want the external address to go out as itself when it goes to Google etc. (anything but the external subnet).

iptables -t nat -A POSTROUTING -o ipsec0 -s 68.x.x.x -d 141.x.x.x/16 -d !141.0.0.1/32 -j SNAT --to 192.168.50.1

I know this statement makes no sense since multiple -d are not allowed but that is what I am looking for?

The reason behind this: I have two IPsec endpoints (one at home and one at work), and while I can get to each other's encryption domains from behind the respective systems, I'd like to be able to do the same from the machine itself too. And I want that connection to be encrypted.

Anyone?

news8080
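
An added example, not part of the original post: the exclusion asked for above can be written as two ordered rules instead of two -d matches, because an ACCEPT in the nat table ends rule evaluation for that packet, so traffic to the endpoint never reaches the SNAT rule. The external address, remote subnet and endpoint address below are constructed placeholders; ipsec0 and 192.168.50.1 are taken from the post, and whether the translated traffic then matches the tunnel policy depends on the openswan configuration.

```shell
#!/bin/sh
# Added example: "SNAT towards a subnet, except one host" as two ordered rules.
# Constructed placeholder values (documentation ranges), replace with real ones:
EXT_IP="203.0.113.10"         # external address of this machine
REMOTE_NET="198.51.100.0/24"  # remote subnet that should see the internal address
PEER_IP="198.51.100.1"        # remote IPsec endpoint, inside REMOTE_NET
# Values taken from the post:
INT_IP="192.168.50.1"         # internal address to translate to
OUT_IF="ipsec0"               # openswan (KLIPS) interface

# Print the rules in the order they have to be loaded.
nat_rules() {
    # 1. Exemption first: ACCEPT in the nat table stops traversal of the chain,
    #    so packets to the endpoint keep the external source address.
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $OUT_IF -s $EXT_IP -d $PEER_IP/32 -j ACCEPT"
    # 2. Everything else in the remote subnet is rewritten to the internal address.
    #    Destinations outside REMOTE_NET match neither rule and are left untouched.
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $OUT_IF -s $EXT_IP -d $REMOTE_NET -j SNAT --to-source $INT_IP"
}

# Sanity check: the exemption must come before the SNAT rule, otherwise the
# broader subnet match wins and the endpoint is translated as well.
rules_ordered() {
    nat_rules | awk '/-j ACCEPT/ {a = NR} /-j SNAT/ {s = NR}
                     END {exit !(a && s && a < s)}'
}

# Load the rules (needs root); stops at the first command that fails.
apply_rules() {
    rules_ordered || { echo "exemption must precede the SNAT rule" >&2; return 1; }
    nat_rules | sh -e
}

# Dry run by default: only print the commands. Set APPLY=1 to load them.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    nat_rules
fi
```

After loading, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows the rule order and per-rule packet counters, which confirms which of the two rules the traffic is hitting.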