On 5/28/2015 2:00 PM, PGNd wrote:
>>> May 28 08:06:30 border000 kernel: [34372.977048] SW:fw2vpn1:DROP IN=
>>> OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=143 TOS=0x00 PREC=0x00 TTL=64
>>> ID=3671 PROTO=UDP SPT=63068 DPT=53 LEN=123
>> Please forward the output of 'shorewall dump' taken after you have
>> produced the above log message.
> As mere luck would have it, amidst my incessant tweaking, I've 'changed
> something'. Now, the traffic flows,
>
> local/udp
>
> May 28 13:51:59 border000 kernel: [54502.157446]
> SW:[P4][TEST1]:ACCEPT IN= OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=145
> TOS=0x00 PREC=0x00 TTL=64 ID=18088 PROTO=UDP SPT=24495 DPT=53 LEN=125
>
> remote/tcp
>
> May 28 13:51:59 vps000 kernel: [54743.048152]
> SW:[P4]fw2vpn1:ACCEPT IN= OUT=tun1 SRC=10.254.254.1 DST=10.0.2.53 LEN=52
> TOS=0x00 PREC=0x00 TTL=64 ID=59461 DF PROTO=TCP SPT=60797 DPT=53 WINDOW=29200
> RES=0x00 SYN URGP=0
>
> I'll figure out what actually fixed that problem in a bit.
>
> Which brings me back to the original question: how/where to masq, dnat, etc
> so that the SRC/DST=10.254.254.1, instead of reporting just the tunnel
> endpoint, shows the actual SRC/DST=10.0.1.53 of the remote DNS server?
>

Remove the vpn1 entry from your masq file.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
