Hi Everyone,
I'm trying to set up an IPSec tunnel between one of my offices and a
vendor's network. I have the tunnel connecting, but I'm hitting a brick
wall on figuring out how to make my shorewall/iptables system work with it.
This setup is very different from anything I have previously set up in
that they are requiring that I use SNAT to make all packets from our
network appear to be coming from a subnet that they have provided and
I'm not sure I understand how to accomplish this within shorewall.
Here is what we have (these aren't the real IPs):
My Network
192.168.27.1 - Firewall (Internal IP)
10.8.0.1 - Public IP
10.9.0.1 - Vendor Public IP
10.60.72.72/30 - Subnet to NAT source traffic to
Here's what I have for my IPSec config (which is connecting without issues)
conn sec1
    authby=secret
    left=10.8.0.1
    leftsubnet=10.60.72.72/30
    right=10.9.0.1
    rightsubnet=10.167.50.56/32
    auto=start
    pfs=no
    ike=aes-256-sha1-modp1024
    esp=aes-256-sha1
In Shorewall I have a pretty standard 2 network card setup:
eth0 - Local Network
eth1 - Internet
I have a couple other IPsec tunnels running on this machine and defined
in the zones and tunnels files.
Can anyone give me some tips about how I go about NAT'ing my source
traffic in shorewall for something like this? I'm thoroughly confused.
Brad
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users