Hi guys, I need your help.
I have two sites connected with an IPsec tunnel (host to host).
A private subnet = 172.168.1.0/24 and has 172.168.1.20 IP on eth1
B private subnet = 172.168.2.0/24 and has 172.168.2.1; LAN machines' IPs start from 2.3
A wants host-to-host connectivity from another IP, say 192.168.1.1/32, as he defined
all his rules and traffic through 192.168.1.1/32.
I made the tunnel and it is working perfectly; below is the configuration:
conn clearos-pc-72
    type=tunnel
    authby=secret
    auto=start
    left=10.0.0.101            -----> consider it as a public IP from B site
    leftnexthop=%defaultroute
    leftsourceip=192.168.1.1
    right=10.0.0.72            -----> consider it as a public IP from A site
    rightnexthop=%defaultroute
    rightsourceip=172.168.1.20
I am the administrator of Site B. From firewall B (172.168.2.1) I can access
the A site IP (172.168.1.20), and I am also able to access the B site IP (192.168.1.1) without any issue.
Now I need to access the A site IP (1.20) from the B site local LAN machines, but I can't because
the allowed IP from the B side is only 192.168.1.1. Now I want to NAT 192.168.1.1 with 172.168.2.0/24
so all site B LAN machines can reach 172.168.1.20 via IP 192.168.1.1 and site A sees the
traffic only from 192.168.1.1.
I am using a Linux-based (iptables) firewall; please let me know the rules
I can put in so that I can communicate without any issue.
Accepted Answer
Are you getting your subnets mixed up (192/172)? Also note that 172.168.x.y is not a valid LAN subnet unless you own it.
The normal way of achieving what you want would be to use the left/rightsubnet parameter to allow a whole subnet through the tunnel, but the other side must agree.
Alternatively you could try the following rule:
iptables -I POSTROUTING -t nat -d 172.168.1.20 -j SNAT --to-source 192.168.1.1
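As an added example (mine, not the poster's or the answerer's): the generator below emits a narrower version of the rule above, restricting the SNAT to the site B LAN as source and the one site A host as destination, adds the matching FORWARD rules, and runs the address checks the answer hints at (172.168.x.y is not RFC 1918 space). Function names are mine; the addresses are the post's.

```python
"""Build the source-NAT rules that let a LAN subnet use a host-to-host
IPsec tunnel, with the address checks an admin would run first.
Nothing here calls iptables; it validates inputs and emits commands to review."""
import ipaddress
from typing import List

# Values from the post (site B is the local side).
LAN_SUBNET = "172.168.2.0/24"   # site B LAN behind firewall 172.168.2.1
TUNNEL_SRC = "192.168.1.1"      # leftsourceip: the only source site A accepts
REMOTE_HOST = "172.168.1.20"    # rightsourceip: the site A host to reach


def is_rfc1918(addr: str) -> bool:
    """True if the address or network lies in 10/8, 172.16/12 or 192.168/16.
    172.168.x.y fails: it is public space, as the accepted answer points out."""
    net = ipaddress.ip_network(addr, strict=False)
    return any(net.subnet_of(p) for p in (
        ipaddress.ip_network("10.0.0.0/8"),
        ipaddress.ip_network("172.16.0.0/12"),
        ipaddress.ip_network("192.168.0.0/16")))


def build_snat_rules(lan_subnet: str, tunnel_src: str, remote_host: str) -> List[str]:
    """Commands for LAN -> remote host, rewritten to appear as tunnel_src so
    the packets match the existing /32 <-> /32 tunnel policy. The SNAT is
    narrowed by source and destination so it cannot rewrite unrelated
    forwarded traffic, and inserted first so a MASQUERADE rule does not win."""
    lan = ipaddress.ip_network(lan_subnet, strict=True)
    src = ipaddress.ip_address(tunnel_src)
    dst = ipaddress.ip_address(remote_host)
    if dst in lan:
        raise ValueError("remote host must not be inside the local LAN")
    if src in lan:
        raise ValueError("tunnel source must be the tunnel /32, not a LAN address")
    return [
        # Forward LAN -> remote host; replies come back via conntrack state.
        f"iptables -I FORWARD -s {lan} -d {dst}/32 -j ACCEPT",
        f"iptables -I FORWARD -s {dst}/32 -d {lan} "
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # Source-NAT only this LAN's traffic to this one remote host.
        f"iptables -t nat -I POSTROUTING -s {lan} -d {dst}/32 "
        f"-j SNAT --to-source {src}",
    ]


if __name__ == "__main__":
    for label, a in (("LAN", LAN_SUBNET), ("remote", REMOTE_HOST)):
        if not is_rfc1918(a):
            print(f"warning: {label} {a} is not RFC 1918 space")
    print("\n".join(build_snat_rules(LAN_SUBNET, TUNNEL_SRC, REMOTE_HOST)))
```

This assumes the in-kernel IPsec stack, where nat POSTROUTING runs before ESP encapsulation, so the rewritten source 192.168.1.1 is what the tunnel policy sees; after applying the rules, `iptables -t nat -L POSTROUTING -v -n` should show the SNAT counter rising as LAN hosts reach 172.168.1.20.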