On 07/27/2017 07:07 AM, Ivan wrote:
> Hello all,
>
> I have a Debian server with shorewall (version 4.6.4.3), on the same
> server is installed an OpenVPN Server, on remote site I have a
> LEDE/OpenWRT router with an OpenVPN Client connected to previous server.
>
> This is my network:
>
> Office with Debian Server
>
> 1. Eth0: internal network with address 192.168.1.1 (subnet 192.168.1.0/24)
> 2. Eth1: external network with address 192.168.0.2 connected to
>    provider router;
> 3. Tun0: OpenVPN Network with subnet 192.168.250.0/24
>
> Home with LEDE/OpenWRT Router
>
> 1. The router is connected to internet through an LTE USB key;
> 2. On the router is running OpenVPN Client connected to server with IP
>    Address: 192.168.250.122
> 3. The internal network has the subnet 192.168.0.0/24
>
> I need to expose my home internal Web Server host (running on address
> 192.168.0.4) through my Office internet network.
>
> I configured Shorewall, OpenWRT and OpenVPN to do it and I'm able to
> reach the server from my internal office network connecting to OpenVPN
> client IP (192.168.250.122), but I'm not able to reach the web server
> from internet following this route:
>
> Internet -> external office IP Address -> 192.168.0.2 -> 192.168.1.1 ->
> 192.168.250.122 -> 192.168.0.4
>
> I believe that the issue is related to a wrong MASQ/SNAT configuration,
> because in the OpenWRT router logs I saw the request but the Source IP
> Address is the original one instead of the office IP Address, is it true?
>
> In which way should I configure masquerade to solve this issue?
>

Sounds like, on the Office "Server" (which isn't really a server - it's
a gateway/router), you need this masq entry:

        tun0    !192.168.1.0/24

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
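
Why the suggested entry fixes the return path, as an added example (not part of the original thread and not Shorewall code): a small model of the masq match and of how the home router routes its reply. The gateway's tun0 address 192.168.250.1, the Internet client 203.0.113.10, the office host 192.168.1.50 and the home router's routing table are assumptions.

```python
import ipaddress

# Subnets come from the thread; TUN0_ADDR and CLIENT are assumptions.
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")
VPN_NET = ipaddress.ip_network("192.168.250.0/24")
TUN0_ADDR = "192.168.250.1"   # assumed tun0 address of the office gateway
CLIENT = "203.0.113.10"       # constructed Internet client (documentation range)

# Assumed home-router routing: VPN subnet and office LAN via tun0,
# everything else via the LTE default route.
TUNNEL_ROUTES = [VPN_NET, OFFICE_LAN]

def parse_masq(line):
    """Parse 'INTERFACE SOURCE' from a masq entry; a leading '!' negates SOURCE."""
    iface, source = line.split()[:2]
    negate = source.startswith("!")
    return iface, ipaddress.ip_network(source.lstrip("!")), negate

def source_after_gateway(src, out_iface, masq_line=None):
    """Source address the home router sees for a packet forwarded out out_iface."""
    if masq_line:
        iface, net, negate = parse_masq(masq_line)
        in_net = ipaddress.ip_address(src) in net
        # The entry matches when the interface matches and the source is
        # inside the network (plain form) or outside it ('!' form).
        if iface == out_iface and in_net != negate:
            return TUN0_ADDR  # masqueraded to the gateway's tun0 address
    return src

def reply_route(seen_src):
    """Interface the home router uses to answer seen_src."""
    addr = ipaddress.ip_address(seen_src)
    return "tun0" if any(addr in net for net in TUNNEL_ROUTES) else "lte"

def trace(src, masq_line):
    """Return (source seen at home, interface the reply leaves on)."""
    seen = source_after_gateway(src, "tun0", masq_line)
    return seen, reply_route(seen)

if __name__ == "__main__":
    entry = "tun0 !192.168.1.0/24"
    for src in (CLIENT, "192.168.1.50"):
        print(src, "| no masq:", trace(src, None), "| with masq:", trace(src, entry))
```

Without the entry the reply to an Internet client leaves over LTE and never returns through the office gateway; with it, the home side sees the gateway's tunnel address and answers over tun0, while office LAN hosts keep their own source address.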