On Tue, Sep 29, 2020 at 08:54:42PM +0000, JadoNena via Shorewall-users wrote:
> Hello,
>
> We're changing offices and I need to set up two servers connected over a VPN.
>
> One server has a public IP, "1.2.3.4"
>
> The other server runs a service @ internal IP address "10.0.0.2:1234"
>
> I want to give access @ 1.2.3.4:1234 and transparently 'tunnel' (don't know
> if that's the right word) all the traffic to & from the 10.0.0.1:1234 server.
>
> With the VPN in the middle, and no service on the external server, though I
> got very confused with the SNAT/DNAT and the rules I need. It is now a lot
> more complicated than what I did before.
>
>
> If this is what the network looks like:
>
>
>     PublicIP1: 1.2.3.4, Interface: eth1
>         |
>     [Server1 with Shorewall]
>         |
>     InternalIP1: 10.0.0.1, Interface: dummy1
>         |
>     VPN Endpoint1: 10.200.200.1, Interface: wg1
>         |
>         |
>         |
>         |
>     VPN Endpoint2: 10.200.200.2, Interface: wg2
>         |
>     InternalIP2: 10.0.0.2, Interface: eth2
>         |
>     [Server2 with Shorewall]
>         |
>     [ Service, listening on 10.0.0.2:1234]
>
>
> What rules/SNAT/DNAT do I need for each Shorewall firewall to make it work so
> the 'world' can access the service?
>

You need DNAT, as described here:
https://shorewall.org/two-interface.htm#DNAT

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
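
A sketch of how the DNAT mentioned above could be laid out for the topology in the question, as an added example that is not part of the original message or of the Shorewall documentation. The zone names (net, vpn), TCP as the protocol, the SNAT line and the service running on Server2 itself are assumptions; addresses and interface names are taken from the question.

```conf
# Added example. Assumes the WireGuard tunnel is already up and that
# Server1 routes 10.0.0.2 through wg1.

### Server1: /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
vpn     ipv4

### Server1: /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE
net     eth1
vpn     wg1

### Server1: /etc/shorewall/rules
# Forward connections arriving on 1.2.3.4:1234 to the service behind the VPN.
#ACTION  SOURCE  DEST                PROTO  DPORT
DNAT     net     vpn:10.0.0.2:1234   tcp    1234

### Server1: /etc/shorewall/snat
# DNAT leaves the client's source address untouched, so replies from Server2
# must come back through the tunnel. Rewriting the source to Server1's VPN
# address guarantees that, at the cost of hiding client addresses from the
# service. Without this line, Server2 has to route its replies via wg2.
#ACTION              SOURCE      DEST           PROTO  PORT
SNAT(10.200.200.1)   0.0.0.0/0   wg1:10.0.0.2   tcp    1234

### Server2: /etc/shorewall/rules   (wg2 assigned to a zone named vpn)
# With the SNAT line above, forwarded traffic arrives from 10.200.200.1 only,
# so the service port can stay closed to every other source.
#ACTION  SOURCE             DEST  PROTO  DPORT
ACCEPT   vpn:10.200.200.1   $FW   tcp    1234
```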