Hello everyone, recently I've configured OpenVPN on a Debian Etch Server with Shorewall. The VPN-Server is used to connect from an external Client to the internal server.
This is my setup:

  192.168.0.4      eth0 192.168.0.2   eth1 ext. IP      dyn. IP
                          tun0 10.0.0.1                 tun0 10.0.0.6
  Server A ------------- Server B --------------- Client
  internal                                          external
  Samba Share      VPN Server / Shorewall           VPN Client

Now I want the Client to communicate with the internal Server A. I want to forward the Samba ports to the tun0 interface (10.0.0.1) of Server B, so that I can access the Samba share from Server A (192.168.0.4) directly on Server B (10.0.0.1).

I've done the following with Shorewall:

interfaces:
  int     eth0
  net     eth1
  road    tun+

zones:
  fw      firewall
  int     ipv4
  net     ipv4
  road    ipv4

tunnels:
  openvpnserver:1194    net    0.0.0.0/0

policy:
  all     all     REJECT
  net     all     DROP
  int     all     DROP
  $FW     net     REJECT
  $FW     int     ACCEPT
  $FW     road    ACCEPT
  int     road    ACCEPT
  road    $FW     ACCEPT
  road    int     ACCEPT
  road    net     ACCEPT

rules (only the important DNAT rule):
  DNAT    road    int:192.168.0.4    tcp    135,139,445    -    10.0.0.1

OpenVPN works - the client can access everything on Server B (10.0.0.1). But the DNAT ports show up as filtered when I scan the server with nmap, and I get a timeout when trying to connect to them (also tried with some other protocols like FTP).

Do you have any idea what's wrong here?

Thanks in advance.
Matthias

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users