[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake andSNAT shenanigans

To: ossig@xxxxxxxxxxx
Subject: Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake andSNAT shenanigans
From: SianLun Lau <wahlau@xxxxxxx>
Date: Thu, 4 Nov 2004 11:13:23 +0100
In-Reply-To: <20041104093249.GA13909@bugs.md.com.my>
Organization: not-so-organized
References: <20041104062955.GA11318@bugs.md.com.my><20041104084244.0000409c@wl-lt><20041104075332.GA11792@bugs.md.com.my><20041104091754.00002aba@wl-lt><20041104085549.GA13312@bugs.md.com.my><20041104101815.00006b7a@wl-lt><20041104093249.GA13909@bugs.md.com.my>
Reply-To: ossig@xxxxxxxxxxx
Sender: owner-ossig@xxxxxxxxxxx

On Thu, 4 Nov 2004 17:32:49 +0800
cdemarco@fastmail.fm wrote:

> > if the above sketch is exactly what  you want... it should work,
> > but why do you want NAT between the subnet behind gateway?
> 
> Because,  as you illustrated,  the networks on  either side of the
> VPN aren't the same.   I'm numbered 10.1.1.0/24  "here" and
> 192.168.0.0/24"there".  I can either put a router  in/near the VPN
> endpoints so that the  two networks can talk,  or I can do  NAT.  I 
> thought I mentioned this in my initial email?

the two networks *would* talk to each other as soon as you establish
the tunnel grom gw1 to gw2. the routing table would be updated
automatically (at least with FreeS/WAN or openswan or strongswan). So
once tunnel is established, you can see that all traffic from one
subnet is routed through the IPSEC interface.

so in a way, you don't need NAT in order to make the two networks
realise each other's existance.

SL

---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message

Follow-Ups:
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
  - From: Christopher DeMarco

References:
- [ossig] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
  - From: cdemarco
- [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNATshenanigans
  - From: SianLun Lau
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
  - From: cdemarco
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake andSNAT shenanigans
  - From: SianLun Lau
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
  - From: cdemarco
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake andSNAT shenanigans
  - From: SianLun Lau
- Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
  - From: cdemarco

Prev by Date: Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
Next by Date: Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
Prev by thread: Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
Next by thread: Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans
Index(es):
- Date
- Thread