On 7/17/10 5:54 PM, Tom Eastep wrote: > On 7/17/10 8:54 AM, Farkas Levente wrote: > >> but what does it means? > > It means that column is not relevant to your problem - LEAVE IT EMPTY. > > i put into my masq file: >> ----------------------------------- >> $NET_IF:$REMOTE_NET $VPNS_NET $LAN_IP - - mode=tunnel >> ----------------------------------- >> but try many others. none of them working. what should i've to write >> into this file in order to be able masq all traffic from the vpn network >> to the remote network to my lan interface's address? > > How could we possibly know? You show us a bunch of shell variables but > don't tell us what their values are? As always when there is a > connection problem, I don't want to see configuration file contents; I > want to see the output of 'shorewall dump'.
Basically, you must construct a rule that will give the packets a source IP address that is covered by your security policies. Beware, however, that I have been working with another Shorewall user (Brian Murrell) who is trying to do a similar thing and we are finding that return packets are being mysteriously dropped in pre-routing/routing (they are going through the mangle PREROUTING chain but are not reaching either the FORWARD or INPUT chains). So I can't guarantee that you will find any solution to this problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
