Hello,

I am currently attempting to masquerade traffic behind an internal interface 
(eth0) destined for the default gateway to go out of a firewall device located 
at the other end of an ipsec tunnel.  I have attempted to use the providers 
feature to do this, but I cannot figure out how to keep the ipsec tunnel up 
while having the traffic forwarded.  At this point, the only thing I can think 
of is to exclude the far end IP address of the ipsec tunnel and leave 
everything else to pass through the other device.  However, I was hoping there 
was a much simpler alternative.

Quick overview of network:

[The Internet] <-----> [Corporate HQ - IPSec Device & Firewall (internal: 
10.1.0.1)] <—ipsec—> [The Internet] <—ipsec—> [Remote Location – eth1] 
<—shorewall--> [Remote Location – eth0 (10.2.0.1)] <---> [Internal Network 
(10.2.0.0/24)]

I went through the shorewall documentation and was unable to find anywhere that 
shows this particular example.  I have tried using several configurations in 
the masq file, but to no avail:

#INTERFACE SOURCE ADDRESS ...
eth0 192.168.1.0/24 1.1.1.1
#And also tried:
eth0:10.1.0.1 eth0

I am hoping the first example above is the correct format; however, that IP is 
on a far-end device.  Also, I do not have an ipsec0 device since I am using 
spdadd rules with racoon that create the static routes of the internal network 
at headquarters.

I am certain this is a very simple issue and a solution will be as well, but I 
cannot seem to wrap my mind around it.  I have included the shorewall & kernel 
versions below for reference.

Shorewall version: 4.4.24.1
Kernel version: 3.4.33-2.24-default (SMP x64)

Thank you for any help.

Ryan
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
