Hello, I have this scheme:

     Internet
          |
----------------------
|  adsl router   |
|ip:192.168.1.1| ---- [printer in usb port]
----------------------
          |
-------------------------------------
|firewall wlan0 to router    |
|           eth0 localnetwork|
|           tun0 openvpn      |
-------------------------------------
          |
---------------------------------------
|  few local scales in shop |
---------------------------------------
I tagged wlan0 as net, eth0 as local and tun0 as vpn
in /etc/interfaces like that:
#cat interfaces|grep -v \#
?FORMAT 2
net     wlan0   dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
vpn     tun0    dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc     eth0    dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0



Sorry, but I can't understand why 192.168.1.1 is not in the net network, if
it is outside the firewall.

I tried to masq the vpn network like the local network in the masq file:
#cat masq  |grep -v \#
wlan0                   10.1.3.0/24, \
                            10.0.8.0/24

Now an nmap from a remote location says it is not filtered. Good :D
#nmap 10.0.8.103

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 16:43 UTC
Nmap scan report for 10.0.8.103
Host is up (0.12s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
6000/tcp open  X11
8888/tcp open  sun-answerbook

but I still cannot open the web page on either of the two ports I set up for
access to the router.
I added this line in rules:
DNAT            vpn             net:192.168.1.1:80 tcp 8888


I really appreciate all your help :D


2016-04-21 16:55 GMT+02:00 Tom Eastep <[email protected]>:

> On 04/21/2016 01:43 AM, Eduard Vidal i Tulsà wrote:
> > I have a remote location and access via vpn without problems
> > even I can connect a local machine using dnat, for connecting to it
> > but I want to connect to the router for access to it but it doesn't work
> >
> > rules
> > ?SECTION ALL
> > ?SECTION ESTABLISHED
> > ?SECTION RELATED
> > ?SECTION INVALID
> > ?SECTION UNTRACKED
> > ?SECTION NEW
> >
> > Invalid(DROP)   net             all             tcp
> > DNS(ACCEPT)     $FW             net
> > SSH(ACCEPT)     loc             $FW
> > SSH(ACCEPT)     vpn             $FW
> >
> > Ping(ACCEPT)    loc             $FW
> >
> >
> > Ping(DROP)      net             $FW
> >
> > ACCEPT          $FW             loc             icmp
> > ACCEPT          $FW             net             icmp
> > ACCEPT          vpn             all     all
> > DNS(ACCEPT)     loc              $FW
> > SSH(ACCEPT)     net             $FW         TCP
> >
> > DNAT            vpn             loc:10.1.3.2 tcp 6000 #this work
> > DNAT            vpn             net:192.168.1.1 tcp 80 - &tun0  # this not work
>
> 192.168.1.1 is not in the net zone -- it is in the
>
> > (end of rules)
> > from a remote location I get this
> > nmap 10.0.8.4 # (vpn address)
> >
> > Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 10:18 CEST
> > Nmap scan report for 10.0.8.4
> > Host is up (0.17s latency).
> > Not shown: 996 closed ports
> > PORT     STATE    SERVICE
> > 22/tcp   open     ssh
> > 53/tcp   open     domain
> > 80/tcp   filtered http
> > 6000/tcp open     X11
> >
> > Nmap done: 1 IP address (1 host up) scanned in 13.33 seconds
> >
> >
> > this is my shorewall dump
>
>
> You also need to masquerade 10.0.8.0/24 to the net zone.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>


-- 
Eduard Vidal i Tulsà <http://www.facebook.com/festuc> +34615629775
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
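
Added example (not part of the original messages, and not Shorewall's own code): a simplified Python model of the advice in this thread to masquerade 10.0.8.0/24, showing which source address the router at 192.168.1.1 sees with and without that masq entry. The masq entry and DNAT rule are the ones quoted above; the firewall's wlan0 address 192.168.1.2, the VPN client 10.0.8.50 and the assumption that the router only has a route for its own 192.168.1.0/24 LAN are constructed for illustration.

```python
import ipaddress

MASQ_LINE = "wlan0 10.1.3.0/24,10.0.8.0/24"          # the post's masq entry, joined onto one line
DNAT_RULE = "DNAT vpn net:192.168.1.1:80 tcp 8888"   # the post's DNAT rule
FW_WLAN0 = "192.168.1.2"                             # hypothetical firewall address on wlan0
ROUTER_LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed: router only knows its own LAN


def parse_masq(line):
    """Return (outgoing interface, [source networks]) from a one-line masq entry."""
    iface, sources = line.split()[:2]
    return iface, [ipaddress.ip_network(s) for s in sources.split(",")]


def parse_dnat(rule):
    """Return (listening port, new destination IP, new destination port)."""
    action, _src_zone, dest, _proto, dport = rule.split()[:5]
    if action != "DNAT":
        raise ValueError("not a DNAT rule")
    _zone, ip, port = dest.split(":")
    return int(dport), ip, int(port)


def translate(src_ip, dst_port, masq_line, out_iface="wlan0"):
    """Apply the DNAT rule, then masquerading, to one new connection."""
    listen, new_ip, new_port = parse_dnat(DNAT_RULE)
    if dst_port != listen:
        return None  # the DNAT rule does not match this port
    iface, nets = parse_masq(masq_line)
    if iface == out_iface and any(ipaddress.ip_address(src_ip) in n for n in nets):
        src_ip = FW_WLAN0  # source rewritten to the firewall's own wlan0 address
    return src_ip, new_ip, new_port


def router_can_reply(src_seen_by_router):
    """The router answers directly only if the source is on its connected LAN."""
    return ipaddress.ip_address(src_seen_by_router) in ROUTER_LAN


if __name__ == "__main__":
    for label, masq in (("with 10.0.8.0/24", MASQ_LINE), ("without", "wlan0 10.1.3.0/24")):
        src, dst, port = translate("10.0.8.50", 8888, masq)  # constructed VPN client
        print(f"{label}: router sees {src} -> {dst}:{port}, "
              f"reply reaches firewall: {router_can_reply(src)}")
```
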