A layout composed like this might work:

host-a => host-b(nat,freeswan) => host-c(routing) => host-d(nat,freeswan) => host-e

I imagine the configuration of the hosts involved to be more or less this:

------------------------------------------------------------------------------------
host-a:~# ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
host-a:~# route add default gw 192.168.0.254
host-a:~# ping -c 1 192.168.3.1; ssh my_user_host_e@xxxxxxxxxxx
------------------------------------------------------------------------------------

------------------------------------------------------------------------------------
host-b:~# ifconfig eth0 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
host-b:~# ifconfig eth1 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
host-b:~# route add default gw 192.168.1.253
host-b:~# echo "1" > /proc/sys/net/ipv4/ip_forward
host-b:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
host-b:~# /etc/init.d/freeswan restart
host-b:~# cat /etc/ipsec.conf
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

conn prova
    left=192.168.2.254
    leftsubnet=192.168.3.0/24
    leftnexthop=192.168.2.253
    right=192.168.1.254
    rightsubnet=192.168.0.0/24
    rightnexthop=192.168.1.253
    auto=start
------------------------------------------------------------------------------------

------------------------------------------------------------------------------------
host-c:~# ifconfig eth0 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255
host-c:~# ifconfig eth1 192.168.2.253 netmask 255.255.255.0 broadcast 192.168.2.255
host-c:~# tcpdump -i any -n > sniff
------------------------------------------------------------------------------------

------------------------------------------------------------------------------------
host-d:~# ifconfig eth0 192.168.2.254 netmask 255.255.255.0 broadcast 192.168.2.255
host-d:~# ifconfig eth1 192.168.3.254 netmask 255.255.255.0 broadcast 192.168.3.255
host-d:~# route add default gw 192.168.2.253
host-d:~# echo "1" > /proc/sys/net/ipv4/ip_forward
host-d:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
host-d:~# /etc/init.d/freeswan restart
host-d:~# cat /etc/ipsec.conf
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

conn prova
    left=192.168.2.254
    leftsubnet=192.168.3.0/24
    leftnexthop=192.168.2.253
    right=192.168.1.254
    rightsubnet=192.168.0.0/24
    rightnexthop=192.168.1.253
    auto=start
------------------------------------------------------------------------------------

------------------------------------------------------------------------------------
host-e:~# ifconfig eth0 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
host-e:~# route add default gw 192.168.3.254
host-e:~# ping -c 1 192.168.0.1; ssh my_user_host_a@xxxxxxxxxxx
------------------------------------------------------------------------------------
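
An added example, not part of the original post: a check for the capture taken on host-c, counting gateway-to-gateway ESP and IKE packets and flagging anything else as traffic that crossed the router outside the tunnel. The function names, the sample lines (constructed) and the assumed `tcpdump -n` text layout are assumptions of this example.

```shell
#!/bin/sh
# Classify `tcpdump -n` text lines seen on host-c (the router between gateways).
# Assumed line shape: "... <src>[.port] > <dst>[.port]: <summary>".
# Lines without ">" (e.g. ARP) are ignored.

classify_capture() {    # usage: classify_capture <gateway1> <gateway2> < capture
    awk -v GW1="$1" -v GW2="$2" '
    function host(a,   n, p) {      # drop trailing ":" and an optional ".port"
        sub(/:$/, "", a)
        n = split(a, p, ".")
        return (n >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : a
    }
    {
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = host($(gt - 1)); dst = host($(gt + 1))
        rest = ""
        for (i = gt + 2; i <= NF; i++) rest = rest " " $i
        # Only gateway-to-gateway ESP or IKE is expected on this segment.
        pair = (src == GW1 && dst == GW2) || (src == GW2 && dst == GW1)
        if (pair && rest ~ /ESP\(spi=/)   esp++
        else if (pair && rest ~ /isakmp/) ike++
        else { clear++; print "CLEAR: " $0 > "/dev/stderr" }
    }
    END { printf "esp=%d ike=%d clear=%d\n", esp, ike, clear }'
}

sample_capture() {      # constructed lines, not real capture output
    cat <<'EOF'
12:00:01.000001 IP 192.168.1.254.500 > 192.168.2.254.500: isakmp: phase 1 I ident
12:00:01.020002 IP 192.168.2.254.500 > 192.168.1.254.500: isakmp: phase 1 R ident
12:00:02.000003 IP 192.168.1.254 > 192.168.2.254: ESP(spi=0x1a2b3c4d,seq=0x1), length 116
12:00:02.001004 IP 192.168.2.254 > 192.168.1.254: ESP(spi=0x5e6f7a8b,seq=0x1), length 116
12:00:03.000005 IP 192.168.1.254 > 192.168.3.1: ICMP echo request, id 1, seq 1, length 64
12:00:03.000006 ARP, Request who-has 192.168.1.253 tell 192.168.1.254, length 28
EOF
}

sample_capture | classify_capture 192.168.1.254 192.168.2.254
```

Against the file written by the tcpdump command in the post, this would be run as `classify_capture 192.168.1.254 192.168.2.254 < sniff`. A non-zero `clear` count means a packet (here the masqueraded ping to 192.168.3.1) was visible to host-c unencrypted.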