On 04/26/2011 02:31 AM, Milen Pankov wrote:
> Hi,
>
> I am having trouble making NAT in Shorewall work for my ppp clients. My
> clients connect using an L2TP/IPsec VPN (ppp+ interfaces) and are supposed
> to use the server's internet connection. My goal is to drop everything
> except for clients connecting to a local DNS on the server and using the
> server's internet connection (NAT). The clients use IPs in the following
> subnet: 10.197.204.0/23. IP 10.197.204.1 is for the server (it is the
> gateway for the clients) and it is where the DNS server listens. My
> current configuration is as follows:
>
> zones file:
> ###
> fw   firewall
> net  ipv4
> l2tp ipv4
> ###
>
> interfaces file:
> ###
> net  eth0  detect  tcpflags
> l2tp ppp+
> ###
>
> policy file:
> ###
> net  all  DROP
> l2tp all  DROP
> fw   all  ACCEPT
> all  all  DROP
> ###
>
> rules file:
> ###
> ACCEPT l2tp fw  udp 53
> ACCEPT l2tp fw  tcp 53
> ACCEPT l2tp net all
> ACCEPT all  fw  tcp 22
> ACCEPT all  fw  udp 500
> ACCEPT all  fw  udp 1701
> ACCEPT all  fw  udp 4500
> ###
>
> masq file:
> ###
> eth0 10.197.204.0/23
> ###
Please see http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,            \ died peacefully in his sleep. Not screaming like
Washington, USA        \ all of the passengers in his car
http://shorewall.net    \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
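As an added consistency check (example code written for this page, not part of the thread or of Shorewall itself), the following Python cross-checks the five files quoted in the question the way one would before debugging the NAT path: every zone referenced in interfaces, policy and rules is declared in zones, the masq entry hangs off the external (net) interface and actually covers the VPN client subnet, and the client zone is allowed to reach the local resolver and the net zone. The file contents are constructed copies of the post's configuration; the column layout assumed is the classic whitespace-separated Shorewall one shown in the post.

```python
import ipaddress

# Constructed copies of the five files quoted in the post (example code, not
# part of the thread or of Shorewall itself).
ZONES = "fw firewall\nnet ipv4\nl2tp ipv4"
INTERFACES = "net eth0 detect tcpflags\nl2tp ppp+"
POLICY = "net all DROP\nl2tp all DROP\nfw all ACCEPT\nall all DROP"
RULES = """ACCEPT l2tp fw udp 53
ACCEPT l2tp fw tcp 53
ACCEPT l2tp net all
ACCEPT all fw tcp 22
ACCEPT all fw udp 500
ACCEPT all fw udp 1701
ACCEPT all fw udp 4500"""
MASQ = "eth0 10.197.204.0/23"


def rows(text):
    """Split a Shorewall-style file into column lists, skipping blanks and comments."""
    return [l.split() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def check_config(zones, interfaces, policy, rules, masq, client_net, client_zone):
    """Cross-check the files; returns a list of problems (empty when consistent)."""
    problems = []
    declared = {r[0] for r in rows(zones)}
    iface_zone = {r[1]: r[0] for r in rows(interfaces)}   # interface -> zone
    refs = [(r[0], "interfaces") for r in rows(interfaces)]
    refs += [(z, "policy") for r in rows(policy) for z in r[:2]]
    refs += [(z, "rules") for r in rows(rules) for z in r[1:3]]
    for zone, where in refs:
        if zone != "all" and zone not in declared:
            problems.append(f"{where}: zone {zone!r} is not declared in zones")
    # masq: must hang off the external (net) interface and cover the VPN clients
    net = ipaddress.ip_network(client_net)
    for r in rows(masq):
        if iface_zone.get(r[0]) != "net":
            problems.append(f"masq: {r[0]} is not the external (net) interface")
        if not net.subnet_of(ipaddress.ip_network(r[1])):
            problems.append(f"masq: {r[1]} does not cover client subnet {client_net}")
    # clients must reach the local resolver and be allowed out to the net zone
    allowed = {(r[1], r[2], r[3], r[4] if len(r) > 4 else "all")
               for r in rows(rules) if r[0] == "ACCEPT" and len(r) > 3}
    for proto in ("udp", "tcp"):
        if (client_zone, "fw", proto, "53") not in allowed and ("all", "fw", proto, "53") not in allowed:
            problems.append(f"rules: no ACCEPT {client_zone}->fw {proto}/53 for the local DNS")
    if (client_zone, "net", "all", "all") not in allowed:
        problems.append(f"rules: {client_zone} has no ACCEPT to net, so nothing reaches the NAT")
    return problems
```

Run against the post's files it returns an empty list, which is the point: the Shorewall side is internally consistent, so the remaining suspects are outside these five files (IPsec/ppp interaction, as the reply's documentation link addresses).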
