Hello. I have following Shorewall (4.5.21.10) configuration (simplified)
--- Zone file --- zlan ipv4 zdmz ipv4 zinet ipv4 zvpn ipv4 --- Interfaces file --- zlan lan zdmz dmz zinet inet --- Hosts file --- zvpn inet:remote_internal_lan,remote_external_ip ipsec --- Masq file --- inet dmz inet lan --- Policy file --- $FW all ACCEPT zlan zinet ACCEPT zlan zdmz ACCEPT zlan zvpn ACCEPT zinet all DROP info all all REJECT info --- Tunnels file --- ipsec zinet remote_external_ip --------------------- Everything is working fine, but I need to add access from zdmz zone to zvpn. In FreeSwan configuration only zlan have access to zvpn, so it looks I need some kind of masquerading. Is this theoretically possible? I tried following: 1. step add to beginning of Policy file: zdmz zvpn ACCEPT 2. step add to beginning of Masq file inet:remote_internal_lan dmz ip_of_lan_interface But when I try to ping zvpn hosts from zdmz I get: Shorewall:zdmz2zinet:REJECT:IN=dmz OUT=inet ... SRC=some_zdmz_ip DST=some_zvpn_ip Honestly speaking in second step I tried almost all possible combinations of IP/net addresses and when I ping I always get same error. What I am doing wrong? Thank you for any help in advance. Raimonds Cicans ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
