On Tue, 2007-09-11 at 16:04 +0100, John Lewis wrote:
> Quoting Tom Eastep <[EMAIL PROTECTED]>:
>
> > You either have to SNAT the forwarded traffic (disgusting hack which
> > makes all forwarded traffic appear to the server as if it originated on
> > the Shorewall box), or you need to use policy routing on the remote
> > system. In the latter case, it is helpful to have the server listening
> > on a unique address (possibly configured on the 'lo' device) so that you
> > can direct all traffic from that address to a routing table whose
> > default route goes back through the VPN.
> >
>
> Thanks for the pointer but can you elaborate? When you are talking
> about SNAT (disgusting as it may be) I assume you are referring to the
> "masq" file as far as Shorewall is concerned?

That's the only means for specifying SNAT in Shorewall.

> Are we talking about
> Shorewall on the VPN/Firewall server or on the VPN client?

On the VPN/Firewall server.

>
> What would the rule look like?
>

I'm assuming that your VPN is routed as opposed to bridged.

tun+:10.9.0.6 0.0.0.0/0 <ip of tun0> tcp 5500

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
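
The masq entry from the reply above, read column by column, as an added example that is not part of the original message or of Shorewall itself. The function names are hypothetical, `10.9.0.1` is a constructed stand-in for `<ip of tun0>`, and the iptables command is an approximation of what the entry expresses, not Shorewall's generated ruleset.

```python
"""Added example: read a Shorewall 'masq' entry and show the SNAT match it expresses."""
import ipaddress

COLUMNS = ("interface", "source", "address", "proto", "ports")
# Tom's entry; 10.9.0.1 is a constructed stand-in for "<ip of tun0>".
SAMPLE = "tun+:10.9.0.6  0.0.0.0/0  10.9.0.1  tcp  5500"


def parse_masq_line(line):
    """Split one entry into columns; '-' or a missing column means 'unrestricted'."""
    fields = line.split("#", 1)[0].split()
    if not 2 <= len(fields) <= len(COLUMNS):
        raise ValueError("expected 2 to 5 columns: INTERFACE SOURCE ADDRESS PROTO PORT")
    entry = dict.fromkeys(COLUMNS)
    for name, value in zip(COLUMNS, fields):
        entry[name] = None if value == "-" else value
    if entry["interface"] is None:
        raise ValueError("INTERFACE is required")
    # INTERFACE may carry a destination restriction, e.g. "tun+:10.9.0.6".
    entry["interface"], _, dest = entry["interface"].partition(":")
    entry["dest"] = dest or None
    # Validate addresses early (this sketch accepts only IP/CIDR sources).
    for key in ("source", "dest"):
        if entry[key]:
            ipaddress.ip_network(entry[key], strict=False)
    if entry["address"]:
        ipaddress.ip_address(entry["address"])
    if entry["ports"] and entry["proto"] not in ("tcp", "udp"):
        raise ValueError("a port needs PROTO tcp or udp")
    if entry["ports"] and "," in entry["ports"]:
        raise ValueError("port lists are outside this sketch")
    return entry


def to_iptables(entry):
    """Approximate iptables rule for the entry (not Shorewall's generated output)."""
    rule = ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", entry["interface"]]
    for flag, key in (("-s", "source"), ("-d", "dest"), ("-p", "proto"), ("--dport", "ports")):
        if entry[key]:
            rule += [flag, entry[key]]
    # An empty ADDRESS column means MASQUERADE; a value means SNAT to that address.
    if entry["address"]:
        return rule + ["-j", "SNAT", "--to-source", entry["address"]]
    return rule + ["-j", "MASQUERADE"]


if __name__ == "__main__":
    print(" ".join(to_iptables(parse_masq_line(SAMPLE))))
```

Because the source address is rewritten only for TCP port 5500 traffic leaving a tun interface toward 10.9.0.6, the server's own logs will show the firewall's tunnel address for those connections; the original client addresses remain visible only on the Shorewall box.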
