0 votes
Hi guys, I need your help.
I have two sites connected with an IPsec tunnel (host to host).
A private subnet = and has IP on eth1
B private subnet = and has LAN machine IPs starting from 2.3

A wants host-to-host connectivity from another IP, say , as he has defined
all his rules and traffic through

I made the tunnel and it is working perfectly; below is the configuration:
conn clearos-pc-72
left= -----> consider it a public IP from site B
right= -----> consider it a public IP from site A

I am the administrator of site B. From firewall B ( I can access
the site A IP ( and I can also access the site B IP ( without any issue.
Now I need to access the site A IP 1.20 from site B local LAN machines, but I can't because
the allowed IP from the B side is only . Now I want to NAT with
so all site B LAN machines can reach via IP , and site A sees the
traffic only from

I am using a Linux-based (iptables) firewall; please let me know the rules
I can put in so that I can communicate without any issue.
Thursday, December 22 2016, 02:02 PM

Accepted Answer

Thursday, December 22 2016, 05:00 PM - #Permalink
1 votes
Are you getting your subnets mixed up (192/172)? Also note that 172.168.x.y is not a valid LAN subnet unless you own it.

The normal way of achieving what you want would be to use the left/rightsubnet parameter to allow a whole subnet through the tunnel, but the other side must agree.

Alternatively you could try the following rule:
iptables -I POSTROUTING -t nat -d -j SNAT --to-source
Responses (1)
  • Accepted Answer

    Friday, December 23 2016, 01:31 PM - #Permalink
    0 votes
    Hi Nick,

    Thanks for your help, yes, that is what I was looking for. I was near to the answer, but now I know where I was stuck. Actually I am using -A instead of -I; that's why my rule was not working.

    Thanks again..
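Added example, not code from the thread or from ClearOS: a small Python model of how the nat POSTROUTING chain is evaluated (first matching rule wins), illustrating Nick's SNAT rule and why appending it with -A behind an existing rule can leave it unreached while -I puts it first. It assumes the firewall already has a MASQUERADE rule on the WAN interface, and all addresses are constructed placeholders since the thread's real IPs did not survive on the page.

```python
# Added example, not from the thread: a minimal model of how the iptables nat
# POSTROUTING chain is evaluated (first matching rule wins), showing why "-A"
# (append) and "-I" (insert at rule 1) behave differently once an earlier rule
# already matches the packet. All addresses are constructed placeholders.
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    target: str          # "SNAT" or "MASQUERADE"
    dst: str = ""        # -d match (CIDR); empty matches any destination
    out_if: str = ""     # -o match; empty matches any interface
    to_source: str = ""  # --to-source address for SNAT

class NatPostrouting:
    """Ordered rule list; the first rule whose matches all hit decides the NAT."""
    def __init__(self):
        self.rules = []

    def append(self, rule):   # iptables -A POSTROUTING ...
        self.rules.append(rule)
    def insert(self, rule):   # iptables -I POSTROUTING ... (becomes rule 1)
        self.rules.insert(0, rule)

    def apply(self, src, dst, out_if, wan_ip):
        """Return the source address the packet leaves with."""
        for r in self.rules:
            if r.dst and ipaddress.ip_address(dst) not in ipaddress.ip_network(r.dst):
                continue
            if r.out_if and r.out_if != out_if:
                continue
            return r.to_source if r.target == "SNAT" else wan_ip
        return src  # no NAT rule matched: source unchanged

def source_seen_by_remote(use_insert):
    """Build the chain as the firewall would hold it and return the source
    address site A sees for a site-B LAN host reaching the tunnel peer."""
    chain = NatPostrouting()
    # Assumption (constructed): the firewall already masquerades everything
    # leaving the WAN interface; policy-based IPsec traffic also crosses
    # POSTROUTING on that interface before it is encrypted.
    chain.append(Rule("MASQUERADE", out_if="eth0"))
    # The SNAT rule from the accepted answer, with placeholder addresses:
    # rewrite traffic for the site-A host to the one IP site A allows.
    snat = Rule("SNAT", dst="192.168.1.20/32", to_source="172.16.0.72")
    if use_insert:
        chain.insert(snat)
    else:
        chain.append(snat)
    return chain.apply("172.16.0.50", "192.168.1.20", "eth0", "203.0.113.5")
```

On a real box, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows the rule order and per-rule packet counters, which is the quickest way to confirm the SNAT rule sits above the masquerade rule and is actually being hit.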