Quoting Tom Eastep <[EMAIL PROTECTED]>:

> On Tue, 2007-09-11 at 16:04 +0100, John Lewis wrote:
>> Quoting Tom Eastep <[EMAIL PROTECTED]>:
>>
>> > You either have to SNAT the forwarded traffic (disgusting hack which
>> > makes all forwarded traffic appear to the server as if it originated on
>> > the Shorewall box), or you need to use policy routing on the remote
>> > system. In the latter case, it is helpful to have the server listening
>> > on a unique address (possibly configured on the 'lo' device) so that you
>> > can direct all traffic from that address to a routing table whose
>> > default route goes back through the VPN.
>> >
>>
>> Thanks for the pointer but can you elaborate? When you are talking
>> about SNAT (disgusting as it may be) I assume you are referring to the
>> "masq" file as far as Shorewall is concerned?
>
> That's the only means for specifying SNAT in Shorewall.
>
>> Are we talking about
>> Shorewall on the VPN/Firewall server or on the VPN client?
>
> On the VPN/Firewall server.
>
>>
>> What would the rule look like?
>>
>
> I'm assuming that your VPN is routed as opposed to bridged.
>
> tun+:10.9.0.6 0.0.0.0/0 <ip of tun0> tcp 5500
>
Tom,

tun0:10.9.0.6 0.0.0.0/0 10.9.0.1 tcp 5500

Worked for me. I don't pretend to understand exactly why the rule is structured that way, ok well actually I do now, come to think of it. It must be saying any port 5500 traffic going out of the VPN interface to 10.9.0.6 from any IP address will have its source address replaced with 10.9.0.1.

It is a bit ugly, I have been googling my little tail off and found this handy howto on redirecting traffic for a transparent proxy. I think I will adapt that to my purpose and post the solution here.

Thank you Tom, I bow to your greater knowledge and judgment, and so on and so forth, but then I guess that's why you're there and I'm here.

Abientot!
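
Added example, not part of the original thread and not Shorewall's own code: a dry-run shell sketch that prints a roughly equivalent plain iptables SNAT rule for the masq entry above, next to the policy-routing alternative mentioned in the quoted advice. Shorewall builds its own chains, so the POSTROUTING form is an approximation; the server address 192.0.2.10 and table number 100 are constructed placeholders.

```shell
#!/bin/sh
# Dry-run helpers: they only print commands, nothing is applied to the system.

# Translate one Shorewall masq entry
#   INTERFACE[:DEST]  SOURCE  ADDRESS  [PROTO  [PORT]]
# into an approximately equivalent iptables SNAT rule (nat table, POSTROUTING).
masq_to_iptables() {
    set -f          # no glob expansion while splitting (entries may contain "+")
    set -- $1       # split the entry into its whitespace-separated columns
    set +f
    if [ $# -lt 3 ]; then
        echo "need at least INTERFACE SOURCE ADDRESS" >&2
        return 1
    fi
    iface=${1%%:*}  # part before the colon: outgoing interface
    dest=
    case $1 in *:*) dest=${1#*:} ;; esac   # part after the colon: destination
    cmd="iptables -t nat -A POSTROUTING -o $iface -s $2"
    if [ -n "$dest" ]; then cmd="$cmd -d $dest"; fi
    if [ -n "${4:-}" ]; then cmd="$cmd -p $4"; fi
    if [ -n "${5:-}" ]; then cmd="$cmd --dport $5"; fi
    echo "$cmd -j SNAT --to-source $3"
}

# Policy-routing alternative, run on the remote system instead of SNAT:
# traffic sourced from the server's dedicated address is looked up in a
# separate table whose default route points back through the VPN device.
#   $1 = server address (placeholder), $2 = VPN device, $3 = table number
policy_route_cmds() {
    echo "ip rule add from $1 table $3"
    echo "ip route add default dev $2 table $3"
}

# The entry from the thread: the server at 10.9.0.6 sees 10.9.0.1 as the
# source of every forwarded tcp/5500 connection, so replies return via the VPN.
masq_to_iptables "tun0:10.9.0.6 0.0.0.0/0 10.9.0.1 tcp 5500"

# The alternative keeps real client addresses visible to the server.
policy_route_cmds 192.0.2.10 tun0 100
```

With SNAT the server's logs show only 10.9.0.1 for these connections, so any per-client access control or auditing has to happen on the firewall; the policy-routing variant preserves the original source addresses.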
