On Tue, Jul 06, 2021 at 04:27:41PM -0400, PGNet Dev wrote:
> Configs include:
>
> Shorewall @ "Public Server":
> /rules
> ACCEPT net $FW:AA.AA.AA.AA tcp 12345
> DNAT net vpn:10.10.10.99 tcp 12345 - AA.AA.AA.AA
>
> Shorewall @ "Private Edge"
> /rules
> ACCEPT vpn lan:10.10.10.99 tcp 12345
> DNAT vpn lan:10.10.10.99 tcp 12345 - 10.10.10.99

By default, DNAT includes ACCEPT. So the first step is to remove the redundant ACCEPT.

> but FAILs to route back over the VPN link; I don't see the traffic return via
> intfc = vpn0.
> it's instead appearing on the EXTERNAL interface
>
> Where does that mis-routeback need to get fixed? so the traffic return is via
> "Private Edge" *vpn0*, NOT *eth0*?

You haven't shown the rest of your config - maybe it's missing the routeback option.

--
Justin

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
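For readers following the thread, here is an added illustration (not posted by either participant) of the two points Justin raises on the "Private Edge" box: the rules file with the redundant ACCEPT dropped, since DNAT already implies ACCEPT, and an interfaces entry carrying the routeback option. The file layout, the `?FORMAT 2` interfaces header and the zone-to-interface mapping are assumptions; only the rule values and the vpn0/eth0 names come from the thread, and whether routeback is actually the missing piece is what Justin asks the poster to check, not something the thread confirms.

```text
# /etc/shorewall/rules on "Private Edge" (assumed path and column layout)
# The separate ACCEPT line is gone: DNAT already accepts the translated packet.
#ACTION  SOURCE  DEST             PROTO  DPORT  SPORT  ORIGDEST
DNAT     vpn     lan:10.10.10.99  tcp    12345  -      10.10.10.99

# /etc/shorewall/interfaces on "Private Edge" (assumed; zone names as in the rules above)
# routeback on vpn0 lets Shorewall allow traffic back out the interface it arrived on,
# which is the option Justin suggests looking for in the unposted part of the config.
?FORMAT 2
#ZONE  INTERFACE  OPTIONS
vpn    vpn0       routeback
```

Whether the reply actually leaves via vpn0 rather than eth0 still depends on the host's routing table, which the thread does not show.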