Currently fwknopd supports the iptables MASQUERADE target, but only if DNAT rules are also used. A use case reported by "spartan1833" to the fwknop mailing list is to have fwknopd gate communications that would otherwise be forwarded through a gateway. So, internal clients would have their default gateway set to the internal IP of the system running fwknopd, and would only be allowed to send packets through the gateway after producing a valid SPA packet. The main problem before this issue is closed is that currently NAT operations are applied to IP packets that are sent directly to the gateway IP where fwknopd is running. What needs to be changed is the ability for clients to send packets to arbitrary destination IPs (and therefore DNAT is not needed) and have fwknopd manage MASQUERADE accept rules.
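The rule shape this request implies, as an added example that is not fwknopd code or part of the original issue: a default-drop FORWARD policy plus per-client accept and MASQUERADE rules matched on source address only, with no DNAT. The chain names `SPA_FORWARD` and `SPA_MASQ`, the interface `eth0` and the client address are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not fwknopd code. It prints (does not run) iptables
# commands. Chain names SPA_FORWARD and SPA_MASQ are hypothetical.

# Strict input checks so a client address or interface name can never
# smuggle extra iptables arguments or shell syntax into a rule.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

is_iface() {
    case $1 in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# One-time baseline: nothing is forwarded unless a per-client rule matches.
# Established flows stay open after a client's rule is removed, because the
# conntrack rule keeps matching them.
gateway_baseline() {
    is_iface "$1" || return 2
    cat <<EOF
iptables -P FORWARD DROP
iptables -N SPA_FORWARD
iptables -t nat -N SPA_MASQ
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j SPA_FORWARD
iptables -t nat -A POSTROUTING -o $1 -j SPA_MASQ
EOF
}

# Per-client rules, added (-A) after a valid SPA packet and deleted (-D) on
# expiry. There is no -d match and no DNAT rule: any destination is allowed.
client_rules() {
    case $1 in -A|-D) ;; *) return 2 ;; esac
    is_ipv4 "$2" && is_iface "$3" || return 2
    printf 'iptables %s SPA_FORWARD -s %s -o %s -j ACCEPT\n' "$1" "$2" "$3"
    printf 'iptables -t nat %s SPA_MASQ -s %s -o %s -j MASQUERADE\n' "$1" "$2" "$3"
}

# Constructed sample: client 192.168.10.25 behind a gateway with uplink eth0.
gateway_baseline eth0
client_rules -A 192.168.10.25 eth0
```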