That could do. I hope. Could you be a little more specific, though?

In my "interfaces":
#ZONE   INTERFACE   BROADCAST   OPTIONS
fw      firewall
net     eth0        detect      routeback

and "rules":

#ACTION SOURCE             DEST          PROTO  DEST     SOURCE   ORIGINAL  RATE   USER/
#                                               PORT(S)  PORT(S)  DEST      LIMIT  GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
DNAT    net:10.0.100.5     net:13.0.0.2  tcp    3030
ACCEPT  net:10.0.100.0/24  fw            icmp
ACCEPT  net                fw            tcp    http
ACCEPT  net                fw            tcp    1723
ACCEPT  net                fw            tcp    isakmp
ACCEPT  net                fw            udp    500
ACCEPT  net:10.0.100.3     fw            tcp    ssh

I tried as said above (adding routeback to my eth0 and modifying the DNAT rule as above) but still no go... Any hint?

Andrea Fastame
Technical Manager

David Mohr wrote:
> Hi Andrea,
> not totally sure on this, but it should work:
>
> On 5/23/07, Andrea Fastame <[EMAIL PROTECTED]> wrote:
> <...cut...>
>
>> Still, the tunnel works fine (I can ping a remote host 10.11.100.24
>> successfully). I manually had to set up a route to route all packets to
>> the 10.100.11.24 through the 13.0.0.2 interface (alias).
>> I read that (eventually) I should put some entry in the
>> /etc/shorewall/masq file. Still, I have not grasped what I should really
>> enter in that conf file. Any hint (if positive)?
>>
>> Now, this is my problem: I would like to FORWARD all incoming conns to
>> TCP 3030 to the remote 10.100.11.24, hence, through the IPSEC tunnel.
>> I have read the whole Shorewall FAQ and MASQ, but no luck.
>>
>
> <...cut...>
>
>> /etc/shorewall/interfaces
>>
>> #ZONE INTERFACE BROADCAST OPTIONS
>> fw firewall
>> net eth0 detect
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>
>
> I think you might want to specify the 'routeback' option here, because
> the traffic is leaving the same interface that it arrived on.
>
> ~David

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
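
The 'routeback' suggestion quoted above rests on a condition that can be checked mechanically: a rule whose source and destination are in the same zone sends traffic back out the interface it arrived on. The Python below is an added example, not part of the thread or of Shorewall; its function names are hypothetical, the sample files are constructed from the listings in the thread, and it assumes one interface per zone.

```python
# Added example (not from the thread): flag Shorewall rules whose SOURCE and
# DEST are in the same zone while that zone's interface lacks 'routeback'.
# Function names are hypothetical; sample files are constructed from the
# listings quoted in the thread. Assumes one interface per zone.

def _fields(text):
    """Yield (line_number, columns) for non-comment, non-blank lines."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield n, cols

def parse_interfaces(text):
    """Map zone -> list of (interface, options) from an interfaces file."""
    zones = {}
    for _, cols in _fields(text):
        if len(cols) < 2:
            continue
        # Columns: ZONE INTERFACE BROADCAST OPTIONS (options comma-separated)
        opts = set(cols[3].split(",")) if len(cols) > 3 else set()
        zones.setdefault(cols[0], []).append((cols[1], opts))
    return zones

def missing_routeback(interfaces_text, rules_text):
    """Return (rule_line, action, zone, interface) for same-zone rules
    whose interface does not carry the 'routeback' option."""
    zones = parse_interfaces(interfaces_text)
    findings = []
    for n, cols in _fields(rules_text):
        if len(cols) < 3:            # skips "SECTION NEW" and short lines
            continue
        src_zone = cols[1].split(":", 1)[0]   # zone[:address]
        dst_zone = cols[2].split(":", 1)[0]
        if src_zone != dst_zone:
            continue
        for iface, opts in zones.get(src_zone, []):
            if "routeback" not in opts:
                findings.append((n, cols[0], src_zone, iface))
    return findings

# Constructed sample input: the interfaces file before and after the change.
IFACES_ORIGINAL = """\
#ZONE INTERFACE BROADCAST OPTIONS
fw    firewall
net   eth0      detect
"""
IFACES_ROUTEBACK = IFACES_ORIGINAL.replace("detect", "detect    routeback")
RULES = """\
SECTION NEW
DNAT    net:10.0.100.5     net:13.0.0.2  tcp  3030
ACCEPT  net:10.0.100.0/24  fw            icmp
ACCEPT  net                fw            tcp  http
"""

if __name__ == "__main__":
    print(missing_routeback(IFACES_ORIGINAL, RULES))
    print(missing_routeback(IFACES_ROUTEBACK, RULES))
```

In the thread, adding routeback did not by itself make the forward work, so an empty result here rules out only this one cause.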