[ previous ] [ next ] [ threads ]
 
 From:  Josh <josh at nemesis dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  "Peer Dicken" <peer at dicken dot name>
 Subject:  Re: [m0n0wall] Routing / NAT issue
 Date:  Wed, 29 Sep 2004 07:31:30 -0700
On Wed, 29 Sep 2004 10:37:13 +0200, Peer Dicken <peer at dicken dot name> wrote:

> Am 28.09.2004 um 16:14 schrieb Peer Dicken:
>> My client's lan is 172.16.48.0 / 24. We need to establish a tunnel to
>> another network with 172.16.0.0/16.
>> I know this is - ahh - difficult. I want to get around it and created
>> a VLAN interface 192.168.233.254 / 24 which is used as the local
>> subnet in the ipsec definition.

> I thought I could do this with outbound NAT, but it does not work. Does
> really nobody have a hint for this problem? I want to NAT our LAN,
> using the 192.168.233 network. The other LAN has a route to
> 192.168.233.254, which is the VLAN interface.

FreeBSD _may_ be able to do this (not sure), but I'd say it's unlikely  
you'll get m0n0 to do this with just 2 boxes.

However - it might be possible to make this work with 3 boxes, using
a dedicated m0n0 just to do 1:1 NAT..

IE:

172.16.48.0/24 <->  1:1 NAT m0n0 <-> 192.168.233.0/24 <-> VPN m0n0 <->  
172.16.0.0/16

I'm not sure if m0n0 will intercept DNS lookups for it's 1:1 NAT like some  
of the expensive firewalls.. If it doesn't you could have a lot of  
problems.

-josh