Am 10.05.2014 16:07, schrieb Tom Eastep: > On 5/9/2014 4:56 PM, Michael Kress wrote: >> Hi again, sorry, but I'm still having issues with my setup as described >> in my previous posts (multi-isp setup with openvpn and dsl router). >> The problem is that if I try to connect from LAN (192.168.5.181) to the >> VPN ip (x.x.x.245) via a DNAT rule, the request gets forwarded, but the >> reply doesn't obviously find the way back. > Why do you need DNAT? > >
(sorry, had to delay work on that topic) that's to forward requests/ports that come over vpn to certain hosts like e.g. #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # # PORT PORT(S) DEST DNAT vpn dmz:192.168.0.11 icmp - - x.x.x.245 In this example, the ping that comes from the outside to the vpn interface, gets forwarded to dmz:192.168.0.11 and the reply gets correctly back to the pinging party. Regards Michael ------------------------------------------------------------------------------ Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
