hi tom, Tom Eastep wrote: > Sergio A. Kessler wrote: > >> I also tried with: >> # cat /etc/shorewall/masq >> ############################################################################### >> #INTERFACE SUBNET ADDRESS PROTO PORT(S) >> IPSEC >> eth0 eth1 $EXT_SALIDA >> eth0 eth3 $EXT_SALIDA >> eth0 eth1 $EXT_VPN 47 >> >> but the problem remains, >> the protocol 47 is not being SNAT'ed with the correct external IP. > > Try putting the GRE entry first -- in /etc/shorewall/masq, the first match is > the one that is used.
yes !! it worked ! thanks tom ! anyway, I'm still wondering why the rule -- in /etc/shorewall/rules DNAT ext dmz:$DMZ_VPN 47 - - $EXT_VPN is not working as I expected... thanks, /sergio ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
