On 10/18/2012 02:54 AM, Krzysiek Nowak wrote:
> Hello!
>
>
> I'd like to ask if it is possible to connect local LAN network with
> external one to which access is provided by tap0 adapter (ShrewSoft
> connecting to CheckpointVPN gateway)? I have a server with eth0 adapter
> which is used as WAN adapter, tap0 (VPN) and eth1 which is acting as LAN
> interface. What I want to do is to grant access for users from this LAN
> (eth1) to network 10.49.41.0/24 available when tun0 is connected to VPN.
> Is it possible with Shorewall? If so, how?
>
>                                internet
>                                |
>      |-eth0:10.48.10.27/24--->-|
>      ^ tap0:10.44.70.68/32 [shrew soft connecting to CheckPoint VPN, DHCP]
>      |
>      |-eth1:192.168.1.1/24---<-|
>                                ^
>                                |
>                                 <-LAN
>                                    ^
>                                    |
>                                     < - 192.168.1.2/24 [how to connect to
> 10.49.41.111/32 ?]

Kris,

There are two parts to this problem:

a)  Allowing the traffic.
b)  Routing.

The first part is easy. Define a zone 'vpn' to be associated with tap0, 
then configure policies/rules to permit the traffic you want to allow.

The second part will require that you masquerade traffic from your local 
LAN to the remote network, unless the remote end can be configured to 
route 192.168.1.1/24 through the VPN. If that isn't possible, then you 
need this in the masq file:

tap0    192.168.1.0/24

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
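
The two parts of the reply above, put together as a set of Shorewall configuration fragments. This is an added example, not part of the original message or of the Shorewall project's own files. The zone names `net` and `loc`, the `loc`→`net` policy and the default-deny policies are assumptions; the interfaces, the `vpn` zone, the masq entry and the 10.49.41.0/24 network come from the thread.

```conf
# Added example, not from the original thread. Zone names "net" and "loc"
# are assumed; "vpn" is the zone suggested in the reply.

# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4

# --- /etc/shorewall/interfaces ---
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
# tap0 only exists while the VPN client is connected, hence "optional"
vpn     tap0        -           optional

# --- /etc/shorewall/policy ---
#SOURCE DEST    POLICY  LOG LEVEL
# Assumed existing policy for ordinary outbound LAN traffic
loc     net     ACCEPT
# Nothing initiated from the remote side is admitted
vpn     all     DROP    info
# Catch-all: loc->vpn is denied unless a rule below allows it
all     all     REJECT  info

# --- /etc/shorewall/rules ---
#ACTION SOURCE  DEST
# Permit LAN hosts to reach only the remote network named in the question
ACCEPT  loc     vpn:10.49.41.0/24

# --- /etc/shorewall/masq ---
#INTERFACE  SOURCE
# From the reply: hide 192.168.1.0/24 behind tap0's address, needed
# unless the remote end routes the LAN subnet back through the VPN
tap0        192.168.1.0/24

# --- /etc/shorewall/shorewall.conf (relevant setting only) ---
# The firewall must forward packets between eth1 and tap0
IP_FORWARDING=On
```

Running `shorewall check` validates the files before `shorewall restart` applies them.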