Instead of debugging broken, I am just looking for documentation & examples. So I can read & follow the examples and build it the right way to start.
My situation is still pretty simple. 2 sites, connected over a VPN. One facing the internet, the other on my LAN, providing a service. I want to expose that service to the internet. All of the examples I can find so far do not include the extra leg of the VPN.

So for this:

(1) off-site
    ip: 111.111.111.111

(2) my public server + Shorewall
    intfc: eth1         ip: 1.2.3.4
    dummy intfc: dummy1 ip: 10.0.1.1/24
    vpn intfc: wg1      endpoint: 10.200.200.1

(4) my internal server + Shorewall
    vpn intfc: wg2      endpoint: 10.200.200.2
    intfc: eth2         lan ip: 10.0.2.2/24
      |
      |-- service: listening on port 1234

I've added ONE rule to the shorewall configuration @ (2):

    DNAT net:111.111.111.111 wg:10.0.2.2 tcp 1234 - 1.2.3.4

From internal, @ (2),

    telnet 10.0.2.2 1234

works.

From external, @ (1),

    telnet 1.2.3.4 1234

gets traffic TO

    vpn intfc: wg1 endpoint: 10.200.200.1

but does not get to the other side

    vpn intfc: wg2 endpoint: 10.200.200.2

Something needs to tell the system to allow that traffic when it comes from external, not just internal. Where do I add the rule or route in Shorewall to do that?

What are the right documents & examples for managing & redirecting INCOMING traffic from the internet like this, not outgoing TO the internet?

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
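Added example (not the poster's configuration and not Shorewall project documentation): a minimal set of Shorewall file fragments for both firewalls in the topology above, showing where the forward rule on (2) and the accept rule on (4) go, and the source-NAT step on (2) that the original rule lacks. The zone names (net, wg, loc, vpn), the policy lines and the Shorewall 5.x snat file format are assumptions; the addresses, interface names and port are taken from the post. The dummy1 interface is left out because it is not on the forwarding path.

```text
# --- (2) public server: /etc/shorewall/zones (zone names assumed) ---
#ZONE   TYPE
fw      firewall
net     ipv4
wg      ipv4

# --- (2) /etc/shorewall/interfaces ---
#ZONE   INTERFACE   OPTIONS
net     eth1        tcpflags,nosmurfs
wg      wg1

# --- (2) /etc/shorewall/policy ---
#SOURCE DEST   POLICY
$FW     all    ACCEPT
wg      net    ACCEPT
net     all    DROP      info
all     all    REJECT    info

# --- (2) /etc/shorewall/rules ---
# DNAT rewrites the destination AND accepts the net->wg hop (DNAT-
# would only rewrite). A source qualifier such as net:111.111.111.111,
# as in the poster's rule, can be kept to restrict who may connect.
#ACTION  SOURCE  DEST          PROTO  DPORT  SPORT  ORIGDEST
DNAT     net     wg:10.0.2.2   tcp    1234   -      1.2.3.4

# --- (2) /etc/shorewall/snat (Shorewall 5.x; older releases use masq) ---
# Rewrite the source of forwarded connections leaving wg1 to the tunnel
# address 10.200.200.1. Without this the packets reach wg2 with source
# 111.111.111.111: WireGuard's cryptokey routing on (4) drops them
# unless that address is inside the peer's AllowedIPs, and even if
# accepted, (4)'s replies would follow its default route rather than
# the tunnel, so the TCP handshake never completes.
#ACTION      SOURCE      DEST            PROTO  PORT
MASQUERADE   0.0.0.0/0   wg1:10.0.2.2    tcp    1234

# --- (4) internal server: /etc/shorewall/zones (zone names assumed) ---
#ZONE   TYPE
fw      firewall
vpn     ipv4
loc     ipv4

# --- (4) /etc/shorewall/interfaces ---
#ZONE   INTERFACE   OPTIONS
vpn     wg2
loc     eth2

# --- (4) /etc/shorewall/policy ---
#SOURCE DEST   POLICY
$FW     all    ACCEPT
loc     all    ACCEPT
vpn     all    DROP      info
all     all    REJECT    info

# --- (4) /etc/shorewall/rules ---
# The service listens on this host (10.0.2.2), so the destination is
# $FW. Accept only from the tunnel zone and only on the published port;
# the rest of the vpn zone stays under the DROP policy above.
#ACTION  SOURCE  DEST   PROTO  DPORT
ACCEPT   vpn     $FW    tcp    1234
```

Two things outside Shorewall have to line up with this. On (2), the WireGuard peer entry for (4) must list 10.0.2.0/24 in AllowedIPs so that a route to 10.0.2.2 via wg1 exists; on (4), the peer entry for (2) must cover 10.200.200.1/32, which is already the case if the internal telnet test works. Shorewall turns on IP forwarding itself (IP_FORWARDING=On in shorewall.conf). After editing, run `shorewall check` on each box before `shorewall restart`, and confirm the path with `tcpdump -ni wg2 tcp port 1234` on (4): with the snat entry in place the SYNs should arrive from 10.200.200.1, and the SYN-ACKs should appear on the same interface.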