Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: GentooRulez (paranoiac_user_at_freenet.de)
Date: Fri Aug 09 2002 - 09:11:34 CDT
>> 192.168.1.0/24 as Subnet1 -->
>> 192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1-->
>> 192.168.10.11 : ext.ip.addr.no1 as external router does nat -->
>> INTERNET <-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
>> 192.168.2.0/24 as Subnet 2
>your config looks screwed to me. I might be misunderstanding you (i cant
>where the hell the ip 10.10.10.1 comes into things, for example), but your
>definition of the problem makes no sense. For example,
>192.168.10.11 is this machine a gateway?
yes, but i do not own it, thats why there comes double NAT in game
>whats the gateway at the other end? you dont seem to mention one.
ext.ip.addr.no2 : 192.168.2.1 , that does NAT for subnet 2
>Does this mean you dont use NAT the other end?
Both FreeS/Wan Router 1 as well as FreeS/Wan Router 1 are my boxes
and doing NAT-gateway for Subnet1&2
>but from the ip of the freeswan
>machine, you use 192.168.2.1, which means you do use nat, yes?
>Also, are the ext ip addresses fixed?
>in theory, the machines running freeswan would need external (fixed) IP's
Thats the point here, subnet 1 gets double NATed through 10.10.10.1 and
>If they both sites behind nat walls, how does your external router know how
to route traffic
between the subnets?
only one side is behinde a net wall. Just an example
192.168.1.100 to 192.168.2.200 :
192.168.1.100 --- [gateway]---> 192.168.1.1 [NAT] 10.10.10.1 --[gateway]-->
10.10.10.11[NAT] ext.ip.addr.no1 ---> INTERNET ROUTING
I've got no routing problem until know, but the message:
initial Main Mode message received on ext.ip.addr.2 :500 but no connection
has been authorized
Further ideas ???
Thx in advance
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here