I don't see anything wrong with your Shorewall files. I have several VPNs set up that work. However, the only option I use for a IPSEC zone is mss=1376; all the others I've tried caused problems. I don't remember where I got the magic number 1376, but it works.
Even though your files have few entries, you should make use of Shorewall's '?COMMENT'. It helps anyone looking at the iptables that are generated: ?COMMENT zimbra virtualbox machine DNAT lan4 vbox:$zimbra_ip tcp ssh - $INET2_IP2 iptables -t nat -nvL: DNAT tcp -- ... tcp dpt:22 /* zimbra virtualbox machine */ to:192.168.56.101 Bill ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users