Hi, Firstly I would like to say thank you to everyone who has had a hand in producing and maintaining Shorewall. I have been using it for 4 years and it does a great job of hiding the internals of iptables and therefore simplifying firewall setup for me.
Now down to the nitty gritty. Basically what I want to do is forward an external connection to a VPN client. Both the firewall and VPN server are on the same machine. Naively I just tried to do a straight DNAT in /etc/shorewall/rules:

    DNAT:info net vpn:10.9.0.6 tcp 5500

Activity to this port is getting logged but isn't getting to the IP in question:

    Sep 11 12:15:27 localhost kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=86.43.91.112 DST=83.70.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=10287 DF PROTO=TCP SPT=40832 DPT=5500 WINDOW=65535 RES=0x00 SYN URGP=0
    Sep 11 12:18:02 localhost kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=86.43.91.112 DST=83.70.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=124 ID=15726 DF PROTO=TCP SPT=40847 DPT=5500 WINDOW=65535 RES=0x00 SYN URGP=0

If I telnet to 10.9.0.6 on port 5500 from the server, i.e. internally, I get a response:

    Trying 10.9.0.6...
    Connected to 10.9.0.6.
    Escape character is '^]'.

I'm sure this setup will look a little strange, but I will explain why I am doing things this way. In a nutshell, my ISP doesn't give me an external address or port forwarding (HSDPA network). To get around that I am using a VPN to a remote site that does have a public address and want to be able to forward relevant traffic to my VPN client.

Can anyone help?

Thanks hopefully in advance.

John.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
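An added example, not part of the original post and not taken from the Shorewall documentation, of the two Shorewall fragments a setup like this usually needs: the DNAT rule as posted, plus a masq entry for the tunnel so that the VPN client's replies are forced back through the tunnel. The interface name tun0, the tunnel-side server address 10.9.0.1, and the assumption that tun0 is the interface of the "vpn" zone are all assumptions, not facts from the post.

```text
# /etc/shorewall/rules
# Assumption: tun0 is the VPN server's tunnel interface and is the "vpn" zone
# in /etc/shorewall/interfaces; ppp0 is the "net" zone.
#ACTION      SOURCE   DEST            PROTO   DEST PORT(S)
DNAT:info    net      vpn:10.9.0.6    tcp     5500

# /etc/shorewall/masq
# Assumption: the VPN client's default route is its own HSDPA link, not the
# tunnel. Without this entry, a DNATed packet reaches 10.9.0.6 with its
# original public source (86.43.91.112 in the logged example) and the client
# answers via the HSDPA link, where the firewall never sees the reply and
# cannot undo the DNAT. Masquerading traffic that leaves tun0 for 10.9.0.6
# rewrites the source to tun0's address (10.9.0.1, assumed), so the reply
# comes back through the tunnel and the connection completes.
#INTERFACE       SUBNET       ADDRESS
tun0:10.9.0.6    0.0.0.0/0
```

Two things worth checking when reading the posted log: the net_dnat chain lives in the nat table's PREROUTING hook, so OUT= is empty there by design, and a matching log entry only proves the rule matched, not that the packet was forwarded. After `shorewall restart`, `shorewall show nat` shows the resulting DNAT and MASQUERADE entries, and `tcpdump -ni tun0 port 5500` on the server shows whether the SYN goes out over the tunnel and whether a SYN/ACK ever comes back; if the SYN leaves but no reply returns, the client's return route is the problem rather than the firewall rule.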
