-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 3/18/20 1:52 PM, Andrey Andreev wrote: > I follow the instructions (see attached screenshot) in > https://shorewall.org/IPSEC.htm
You should be using https://shorewall.org/IPSEC-2.6.html. > /etc/shorewall/masq - System A #INTERFACE SOURCE > ADDRESS eth0:!10.0.0.0/8 192.168.1.0/24 > > And decided that eth0:!9.9.9.9 ==> SNAT(!9.9.9.9) That rule translates to this snat rule: MASQUERADE 192.168.1.0/24 eth0:!10.0.0.0/8 > > No IPSec examples in snat paper on > https://shorewall.org/manpages/shorewall-snat.html Sorry for my > "monkey" action. So I will leave in snat file just this single > line: SNAT(11.11.11.11) 0.0.0.0/0 enp2s0 > > Thanks for the help! Glad to help, - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5yr04ACgkQluaz8kI6 TRDxug//fE9LyFW3f5ZHIJR3kQweMX7neEpF9cEuL7sM9NSFMUSZLUuLxjlonKLE jHViXOpVcKkVyyaJhfscl8yOJYjXjlvr+zDz17uqfg8XIeUESw/C/b71w2XJGNSi FLPNz5nU2TBWbTc5DZl0OFqTYI3tc6FJd7UOJ5LvEBfdcf4mCCrKsRCJEi71qQD5 eXXaTqoII/eOCSMqU7IrZ+fwko/+/QJxWK8JUIt0Id1pwzznhTASX+1tr3U+l007 LWjVioYT9W8jZi6+X2/ZvQRwGLKCdtslh95I0He18/rSBfpu7FNDfulT8IG2f1KE HaeRGIzMvvFt0onUQlLHNhkchKZDBDv+67dEUJqMt/OFcNhn2RInqJOtNhGRF8mY LNla9wGg0tQIFW1qzWY04d9eSRUCB4gnYfgnJ9hlDzBnZMdiDRcznTxkL4QCcxTS JzwD2vkMYsGC+0VJHh3XRtofKD2wDW748euW5IWj/UWlicCokurV86c9sm1VW+w1 nStKMCLjR4NhFxMY/faDOeOROc1jDAT6EX5u9FFBs1+UyqUwUPY6TeYm89hZ2/Ca 3msBgo020msOotlvJbe0lGREbuLwGnQVz2/iqclq+VqfAtmMTlQq8yydybCg9T8Z TN485npAntJnsEoVnMT8WJU1aHBRnnPxGtjRt0NWSsOLZwclFV8= =0HrS -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
