Tom,

You may also need to have your gateway/router device have a route to the OpenVPN subnet that identifies the Astlinux box as the gateway for the OpenVPN subnet.

Darrick

-----Original Message-----
From: Tom Chadwin [mailto:nnpait.servi...@googlemail.com]
Sent: Tuesday, December 11, 2012 10:35 AM
To: 'AstLinux Users Mailing List'
Subject: Re: [Astlinux-users] NAT rule

Hi Lonnie

To clarify: if I set the Astlinux box up as a VPN server (probably OpenVPN road warrior), and I connect to that remotely, will I be able to reach other machines on the remote LAN, even though they do not have the Astlinux box set as their default gateway/route?

Thanks

Tom

-----Original Message-----
From: Tom Chadwin [mailto:nnpait.servi...@googlemail.com]
Sent: 10 December 2012 16:29
To: 'AstLinux Users Mailing List'
Subject: RE: [Astlinux-users] NAT rule

Understood. No, we have no VPNs set up on the Astlinux box - the firewall on the main line (which was down) is the VPN endpoint. I shall look at setting up an OpenVPN for this very situation in the future. Thanks for the suggestion.

Thanks again

Tom

-----Original Message-----
From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
Sent: 10 December 2012 16:27
To: AstLinux Users Mailing List
Cc: Tom Chadwin
Subject: Re: [Astlinux-users] NAT rule

Tom,

I see what you are trying to do, but the source address of your NAT EXT-LAN packet to the PC will be the address the PC sends the reply to, and that will no doubt go via your default gateway... which is down.

Though, if you had a VPN server enabled on the AstLinux box then you should be able to reach your internal PC. PPTP Server may be the easiest for a quick temporary solution, but OpenVPN Server or IPSec Mobile would be a better long term solution.

Lonnie

On Dec 10, 2012, at 9:57 AM, Tom Chadwin wrote:

> Hi Lonnie
>
> OK, so that's not the explanation of why my RDP session would not connect.
> Basic networking question follows:
>
> This Astlinux box is not the gateway for our Windows boxes.
> Does this mean that, even if I set a port-forward up right on the Astlinux box
> (which I think I did), there is no way to get the Windows box to send
> its reply via the Astlinux box, rather than via the normal gateway
> (which in this instance was down, which is the problem I am trying to solve)?
>
> Thanks for all the help
>
> Tom
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> Sent: 10 December 2012 15:47
> To: AstLinux Users Mailing List
> Cc: Tom Chadwin
> Subject: Re: [Astlinux-users] NAT rule
>
> Hi Tom,
>
> The Firewall tab's "NAT EXT:" entry specifies which external IP the
> rule applies to, by default it is 0/0 which is any external IP. You
> probably only have one external IP address.
>
> So, something like this would work for RDP
> --
> NAT EXT-LAN Protocol: TCP Src: 0/0 Port: 3389 Dst: 192.168.100.10 Port: 3389 NAT EXT: 0/0
>
> { Restart Firewall } - _x_ Confirm
> --
>
> For the advanced, special case where your external interface has more
> than one static IP address defined via the Advanced variable
> EXTIP_ALIAS (user.conf):
>
> EXTIP_ALIAS="1.2.3.11"
>
> In this case, in addition to the static external IP address defined in
> the Network tab (assume 1.2.3.10), the 1.2.3.11 address will also be 'aliased'
> to the same external interface. For this case when NAT'ing, you can use:
> --
> NAT EXT: 1.2.3.10
> -- or --
> NAT EXT: 1.2.3.11
> -- or --
> NAT EXT: 0/0
> --
> to specify if the NAT rule should apply to only 1.2.3.10, or only
> 1.2.3.11 or both 0/0.
>
> Lonnie
>
>
> On Dec 10, 2012, at 8:04 AM, Tom Chadwin wrote:
>
>> Hello all
>>
>> Just lost main connection to a remote site, but the Astlinux box
>> (also on the LAN) on its own line is up and reachable. I'm therefore
>> trying to set up a port forward on the Astlinux box to allow me to
>> RDP from here to a Windows box on the LAN.
>>
>> Have added a "NAT EXT>LAN" rule.
>> This brings up another field
>> labelled "NAT EXT", with the default value of 0/0. What is this?
>> Should I enter something here? I cannot establish the RDP session
>> yet, so something isn't working.
>>
>> Thanks
>>
>> Tom
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
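
An added illustration, not part of the original thread, of the return-path behaviour Lonnie and Darrick describe: it traces where the Windows PC's reply goes for a port-forwarded connection, for a VPN client, and for a VPN client once the router has a route to the VPN subnet. Only 192.168.100.10 comes from the thread; the router address 192.168.100.1, the AstLinux LAN address 192.168.100.2, the OpenVPN subnet 10.8.0.0/24 and both client addresses are constructed assumptions.

```python
import ipaddress

PC, ROUTER, ASTLINUX = "192.168.100.10", "192.168.100.1", "192.168.100.2"
LAN, VPN_NET = "192.168.100.0/24", "10.8.0.0/24"       # VPN_NET: assumed OpenVPN subnet
UPLINKS = {"main-line": False, "astlinux-line": True}  # main line is down, as in the thread

def base_tables():
    """Constructed routing tables as (network, gateway); 'on-link' = directly attached."""
    return {
        PC: [(LAN, "on-link"), ("0.0.0.0/0", ROUTER)],  # AstLinux is NOT the PC's gateway
        ROUTER: [(LAN, "on-link"), ("0.0.0.0/0", "main-line")],
        ASTLINUX: [(LAN, "on-link"), (VPN_NET, "on-link"), ("0.0.0.0/0", "astlinux-line")],
    }

def next_hop(table, dst):
    """Longest-prefix match over one host's routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def trace_reply(tables, dst, start=PC, max_hops=8):
    """Follow the PC's reply towards dst; return (path, delivered)."""
    node, path = start, [start]
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "on-link":
            return path + [dst], True
        path.append(hop)
        if hop in UPLINKS:          # packet leaves the site on this line
            return path, UPLINKS[hop]
        if hop not in tables:       # unknown gateway: nothing forwards the packet
            return path, False
        node = hop
    return path, False              # hop limit reached (routing loop)

def scenarios():
    fwd = trace_reply(base_tables(), "203.0.113.50")  # port-forward: source stays external
    vpn = trace_reply(base_tables(), "10.8.0.6")      # VPN client, router lacks a VPN route
    fixed = base_tables()
    fixed[ROUTER].append((VPN_NET, ASTLINUX))         # the route Darrick suggests
    return {"port_forward": fwd, "vpn_no_route": vpn,
            "vpn_with_route": trace_reply(fixed, "10.8.0.6")}

if __name__ == "__main__":
    for name, (path, ok) in scenarios().items():
        print(f"{name:15} {' -> '.join(path):62} {'delivered' if ok else 'LOST'}")
```
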