Quoting Tom Eastep <[EMAIL PROTECTED]>: > You either have to SNAT the forwarded traffic (disgusting hack which > makes all forwarded traffic appear to the server as if it originated on > the Shorewall box), or you need to use policy routing on the remote > system. In the latter case, it is helpful to have the server listening > on a unique address (possibly configured on the 'lo' device) so that you > can direct all traffic from that address to a routing table whose > default route goes back through the VPN. >
Thanks for the pointer but can you elaborate? When you are talking about SNAT (disgusting as it may be) I assume you are referring to the "masq" file as far as Shorewall is concerned? Are we talking about Shorewall on the VPN/Firewall server or on the VPN client? What would the rule look like? John. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
