On 04/21/2016 01:43 AM, Eduard Vidal i Tulsà wrote:
> I have a remote location and access it via VPN without problems.
> I can even connect to a local machine using DNAT,
> but I want to connect to the router to access it, and it doesn't work.
> 
> rules
> ?SECTION ALL
> ?SECTION ESTABLISHED
> ?SECTION RELATED
> ?SECTION INVALID
> ?SECTION UNTRACKED
> ?SECTION NEW
> 
> Invalid(DROP)   net             all             tcp
> DNS(ACCEPT)     $FW             net
> SSH(ACCEPT)     loc             $FW
> SSH(ACCEPT)     vpn             $FW
> 
> Ping(ACCEPT)    loc             $FW
> 
> 
> Ping(DROP)      net             $FW
> 
> ACCEPT          $FW             loc             icmp
> ACCEPT          $FW             net             icmp
> ACCEPT          vpn             all     all
> DNS(ACCEPT)     loc              $FW
> SSH(ACCEPT)     net             $FW         TCP 
> 
> DNAT            vpn             loc:10.1.3.2 tcp 6000 # this works
> DNAT            vpn             net:192.168.1.1 tcp 80 - &tun0  # this does not work

192.168.1.1 is not in the net zone -- it is in the

> (end of rules)
> From a remote location I get this:
> nmap 10.0.8.4 # (VPN address)
> 
> Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 10:18 CEST
> Nmap scan report for 10.0.8.4
> Host is up (0.17s latency).
> Not shown: 996 closed ports
> PORT     STATE    SERVICE
> 22/tcp   open     ssh
> 53/tcp   open     domain
> 80/tcp   filtered http
> 6000/tcp open     X11
> 
> Nmap done: 1 IP address (1 host up) scanned in 13.33 seconds
> 
> 
> this is my shorewall dump


You also need to masquerade 10.0.8.0/24 to the net zone.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
