On 10/18/12 2:33 PM, Brad Faler wrote:
> Hi Everyone,
>
> I'm trying to set up an IPSec tunnel between one of my offices and a
> vendor's network. I have the tunnel connecting, but I'm hitting a brick
> wall on figuring out how to make my shorewall/iptables system work with it.
>
> This setup is very different from anything I have previously set up in
> that they are requiring that I use SNAT to make all packets from our
> network appear to be coming from a subnet that they have provided and
> I'm not sure I understand how to accomplish this within shorewall.
>
> Here is what we have (these aren't the real IPs):
>
> My Network
>
> 192.168.27.1 - Firewall (Internal IP)
> 10.8.0.1 - Public IP
> 10.9.0.1 - Vendor Public IP
> 10.60.72.72/30 - Subnet to NAT source traffic to
>
> Here's what I have for my IPSec config (which is connecting without issues)
>
> conn sec1
>     authby=secret
>     left=10.8.0.1
>     leftsubnet=10.60.72.72/30
>     right=10.9.0.1
>     rightsubnet=10.167.50.56/32
>     auto=start
>     pfs=no
>     ike=aes-256-sha1-modp1024
>     esp=aes-256-sha1
>
> In Shorewall I have a pretty standard 2 network card setup:
>
> eth0 - Local Network
> eth1 - Internet
>
> I have a couple other IPsec tunnels running on this machine and defined
> in the zones and tunnels files.
>
> Can anyone give me some tips about how I go about NAT'ing my source
> traffic in shorewall for something like this? I'm thoroughly confused.
Try this in /etc/shorewall/masq:

    eth1:10.167.50.56    192.168.27.0/24    10.60.72.73

-Tom

--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
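A small sanity check to go with that masq entry (an added example, not Tom's or the Shorewall project's code): the SNAT address must be a usable host inside the tunnel's leftsubnet (10.60.72.72/30), otherwise the post-NAT packets never match the IPsec policy and the tunnel is not used for them. The script also prints the POSTROUTING rule the masq line roughly corresponds to; the helper names are my own.

```shell
#!/bin/sh
# Added example: verify the SNAT source for a shorewall masq entry against the
# IPsec leftsubnet, using the addresses from the thread (not real IPs).

# Dotted-quad IPv4 address -> integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> 32-bit netmask as an integer.
cidr_mask() { echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); }

# in_cidr ADDR NET/PLEN -> true if ADDR lies inside the prefix.
in_cidr() {
    m=$(cidr_mask "${2#*/}")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

# usable_host ADDR NET/PLEN -> true if ADDR is inside the prefix and is
# neither its network nor its broadcast address (a /30 has two such hosts).
usable_host() {
    in_cidr "$1" "$2" || return 1
    plen=${2#*/}
    [ "$plen" -ge 31 ] && return 0          # /31 and /32 reserve nothing
    off=$(( $(ip2int "$1") & ~$(cidr_mask "$plen") & 0xFFFFFFFF ))   # host bits
    [ "$off" -ne 0 ] && [ "$off" -ne $(( (1 << (32 - plen)) - 1 )) ]
}

# masq_to_iptables "IFACE:DEST" SOURCE SNAT_ADDR -> the nat-table rule the
# masq entry stands for (interface-qualified destination, source, SNAT target).
masq_to_iptables() {
    iface=${1%%:*}; dest=${1#*:}
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -j SNAT --to-source %s\n' \
        "$iface" "$2" "$dest" "$3"
}

# Values from the thread: vendor-assigned /30 is the leftsubnet, .73 is the
# SNAT address suggested in the reply.
masq_to_iptables "eth1:10.167.50.56" 192.168.27.0/24 10.60.72.73
if usable_host 10.60.72.73 10.60.72.72/30; then
    echo "10.60.72.73 is a usable host inside leftsubnet 10.60.72.72/30: OK"
else
    echo "SNAT address is outside leftsubnet; tunnel policy will not match" >&2
fi
```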
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
