You want to read about netmap. https://shorewall.org/manpages/shorewall-netmap.html
On Mon, Apr 14, 2025 at 12:37:34PM -0500, Rich Goodwin via Shorewall-users wrote: > HELP! -- I just can't seem to figure out how to configure this. > I have a Shorewall/IPSEC VPN gateway configuration that is working great to > my remote sites. > Doing gateway to gateway and gateway to client tunnels where I have no > network overlap issues. > Where I am stuck at is I need to NAT my network to a different private > network as the remote site already is using my private network range. > > I am using Debian 11 with v5.2.3.4 Shorewall. > But I have a site where there is an address conflict so I need to remap my > 192.168.10.0/24 network to 172.17.87.0/24 > to avoid issues. They already have a 192.168.10.0/24 network in their > systems. > > I need to do the following: > > 192.168.10.0/24 <-> 172.17.87.0/24 <- IPsec tunnel -> 172.28.0.80/29 <-> > 172.28.0.82 > > Traffic from my 192.168.10.0/24 network needs to have it's addresses mapped > to 172.17.87.0/24 network. > Then sent to the 172.17.87.0/24 to 172.28.0.80/29 tunnel and on to the > 172.28.0.82 server on their end. > Then their replies need to come back across the tunnel and be converted back > from the 172.17.87.0/24 network to my 192.168.10.0/24 network. > > I have the tunnel up and functional. > My issue is how to configure Shorewall to do the 1 to 1 translation and pass > on to the tunnel. > > Does anyone have an example of this that I could follow? _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
