On 6/1/2014 9:16 AM, Michael Kress wrote:
> On 10.05.2014 16:07, Tom Eastep wrote:
>> On 5/9/2014 4:56 PM, Michael Kress wrote:
>>> Hi again, sorry, but I'm still having issues with my setup as described
>>> in my previous posts (multi-isp setup with openvpn and dsl router).
>>> The problem is that if I try to connect from LAN (192.168.5.181) to the
>>> VPN ip (x.x.x.245) via a DNAT rule, the request gets forwarded, but the
>>> reply doesn't obviously find the way back.
>> Why do you need DNAT?
>>
>
> (sorry, had to delay work on that topic)
> that's to forward requests/ports that come over vpn to certain hosts
> like e.g.
>
> #ACTION  SOURCE  DEST              PROTO  DEST  SOURCE   ORIGINAL
> #                                         PORT  PORT(S)  DEST
> DNAT     vpn     dmz:192.168.0.11  icmp   -     -        x.x.x.245
>
> In this example, the ping that comes from the outside to the vpn
> interface, gets forwarded to dmz:192.168.0.11 and the reply gets
> correctly back to the pinging party.
>

You also need a masq rule -- see Shorewall FAQ 2.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
