Adrian Chapela wrote:
> Simon Hobson wrote:
>> Adrian Chapela wrote:
>>> Thank you for your fast answer but I already read this document and I tested this on my LAN with successful results. My problem is to test the same config on the next config: Shorewall BOX ->> Router ->>> ...... INTERNET ...... <<<- Remote Router <<- Remote Shorewall Box. I am testing this config and I can't establish a tunnel with the two shorewall boxes. Do I need to do some configuration on the routers?
>> Yes, you MUST configure each router to port forward the required traffic to the shorewall box behind it - otherwise the packets from the other end will simply be dropped. That is no different to running any other service on a machine behind the NAT gateway.
> Yes I know, but opening a tunnel isn't the same as running a service with an open port ... a tunnel doesn't have a port... This is my problem.. but I think I must forward the GRE traffic to a Linux box.

That's correct. On a Linux router:

    iptables -t nat -A PREROUTING -s <remote router's IP> -p 47 -j DNAT --to-destination <local Shorewall IP>

and

    iptables -A FORWARD -s <remote router> -m conntrack --ctorigdst <local router's IP> -d <local Shorewall IP> -p 47 -j ACCEPT

That's basically the same thing you would do to forward a TCP port except replace '-p 47' with '-p 6' and add '--dport <portnumber>' to both rules.
With some other type of router, consult the documentation or the manufacturer's web site or help line.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
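
An added example, not part of the original thread: a small audit of `iptables-save` output on the NAT router that checks the pairing described in the reply above, namely that every PREROUTING DNAT rule (GRE or TCP) has a FORWARD ACCEPT for its translated destination, and flags DNAT rules that are not limited to a source address. The function names and the sample ruleset are constructed for illustration; it assumes the FORWARD policy is DROP and does not model `!` negation.

```python
import shlex

PROTO_NAMES = {"47": "gre", "6": "tcp", "17": "udp"}  # protocol number -> name
# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE = """\
*nat
-A PREROUTING -s 198.51.100.7/32 -p gre -j DNAT --to-destination 192.168.1.2
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.3:80
COMMIT
*filter
-A FORWARD -s 198.51.100.7/32 -d 192.168.1.2/32 -p gre -m conntrack --ctorigdst 203.0.113.10 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, options) for each -A line of iptables-save output."""
    table = None
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif len(tok) > 1 and tok[0] == "-A":
            opts, i = {}, 2
            while i < len(tok):
                if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    opts[tok[i]] = tok[i + 1]
                    i += 2
                else:
                    i += 1  # flag without a value, or "!" (negation is not modelled)
            yield table, tok[1], opts

def proto(opts):
    """Protocol as a name, so that '-p 47' and '-p gre' compare equal."""
    return PROTO_NAMES.get(opts.get("-p", "all"), opts.get("-p", "all"))

def audit(text):
    """Return (protocol, target, problem) for DNAT rules that need review."""
    rules = list(parse_rules(text))
    accepts = {(proto(o), o["-d"].split("/")[0]) for t, c, o in rules
               if t == "filter" and c == "FORWARD" and o.get("-j") == "ACCEPT" and "-d" in o}
    findings = []
    for t, c, o in rules:
        if t != "nat" or c != "PREROUTING" or o.get("-j") != "DNAT":
            continue
        target = o.get("--to-destination", "").split(":")[0]  # drop any :port
        if "-s" not in o:
            findings.append((proto(o), target, "DNAT is not limited to a source address"))
        if not {(proto(o), target), ("all", target)} & accepts:
            findings.append((proto(o), target, "no FORWARD ACCEPT for the translated destination"))
    return findings
```

Calling `audit()` on the text of a saved ruleset returns an empty list when every forwarded protocol has both rules; on the constructed sample the GRE pair passes and the TCP forward is reported twice.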
