Thanks Tom. That's a much cleaner and easier to maintain way. I restricted the SNAT to the subnet of the VPN client network as suggested. Works great.
--- Tom Eastep <[EMAIL PROTECTED]> wrote:
> On Fri, 21 Jun 2002, Dragon Wood wrote:
>
> > Yes it worked! Thank you very much Phillip.
> >
> > By the way, I put the suggested iptables command in
> > /etc/shorewall/start like so:
> >
> > run_iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.100.1
>
> In /etc/shorewall/masq:
>
> eth1 0.0.0.0/0 172.16.100.1
>
> I suspect that you really want to restrict the SNAT to connections from a
> subnet or list of subnets:
>
> eth1 <subnet1> 172.16.100.1
> eth1 <subnet2> 172.16.100.1
> ...
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
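Added example, not part of the original thread and not Shorewall's own code: a small shell audit that reads masq entries in the three-column form quoted above, prints the approximate iptables rule each one corresponds to, and marks entries whose source is unrestricted. It assumes the second column is always a CIDR subnet; the function name masq_audit and the 192.168.50.0/24 VPN subnet are made up for illustration.

```shell
#!/bin/sh
# masq_audit (hypothetical helper): read masq entries "INTERFACE SUBNET [ADDRESS]"
# on stdin and print one line per entry:
#   OPEN: <rule>  source is 0.0.0.0/0 (or missing), so every forwarded
#                 connection leaving INTERFACE gets rewritten
#   OK:   <rule>  SNAT is limited to the listed source subnet via -s
# Assumption: SUBNET is a CIDR block, never an interface name.
# Returns 1 if any OPEN entry was seen, 0 otherwise.
masq_audit() {
    rc=0
    while read -r iface subnet addr rest || [ -n "$iface" ]; do
        case "$iface" in ''|'#'*) continue ;; esac    # skip blanks and comments
        if [ -n "$addr" ]; then
            target="-j SNAT --to-source $addr"
        else
            target="-j MASQUERADE"                    # no ADDRESS column given
        fi
        case "$subnet" in
            ''|0.0.0.0/0|0/0)
                rc=1
                echo "OPEN: iptables -t nat -A POSTROUTING -o $iface $target" ;;
            *)
                echo "OK: iptables -t nat -A POSTROUTING -s $subnet -o $iface $target" ;;
        esac
    done
    return $rc
}

# Constructed sample: the blanket entry from the thread, then the same entry
# restricted to a made-up VPN client subnet.
SAMPLE_MASQ='eth1 0.0.0.0/0 172.16.100.1
eth1 192.168.50.0/24 172.16.100.1'

printf '%s\n' "$SAMPLE_MASQ" | masq_audit \
    || echo "unrestricted SNAT entries found" >&2
```

The non-zero return makes the function usable as a pre-restart check, for example `masq_audit < /etc/shorewall/masq`.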
