No, you need to do nothing on the 192. side.
Do iptables -vnL just to check up on all2all.
I never heard of NetSupport. SQL server could have its own
gateway defined, or other routing info, maybe ???
A simple iptables LOG everything and you could see the packets
leave eth1 and see if there are responses.
tcpdump would show you all packets on the 172.16.100 lan.
If you accessed a Web Server via VPN, you are routing well.
Looks like you need to get out the old toolbox.

Dragon Wood <[EMAIL PROTECTED]> on 06/21/2002 04:47:52 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] VPN Tunnel Problem

I spoke slightly too soon, but I am very very close.
I can now successfully ping any servers at the remote
location in subnet 172.16.100.0/24 through the VPN
gateway from any workstation at the main office in
subnet 192.168.0.0/24. I can even http to a server
running IIS in the 172.16.100.0/24 subnet from my
workstation in the 192.168.0.0/24 subnet. However, I
cannot seem to NetSupport (similar to VNC or
PCAnywhere) or connect to an SQL Server in the
172.16.100.0/24 subnet. It's not the firewall because
shorewall has accept all2all policy enabled for this
test (I don't see any dropped or rejected packets on
either side).
The NATing settings suggested by you and Tom were made
on the 172.16.100.0/24 side. Do I need to do something
on the 192.168.0.0/24 side as well for some
applications?
Thanks for your help.
--- [EMAIL PROTECTED] wrote:
>
> Excellent.
>
> However, as Tom Eastep just pointed out, you are now NATing
> EVERYTHING on the inside of Bering.
> You should consider NAT only those packets of source net
> from VPN clients. That is if you have a reasonable no. of VPN
> subnets which you are serving.
>
> Dragon Wood <[EMAIL PROTECTED]> on 06/21/2002 01:46:21 PM
>
> To: Phillip Watts/austin/Nlynx@Nlynx
> cc: [EMAIL PROTECTED]
>
> Subject: Re: [leaf-user] VPN Tunnel Problem
>
> Yes it worked! Thank you very much Phillip.
>
> By the way, I put the suggested iptables command in
> /etc/shorewall/start like so:
>
> run_iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.100.1
>
> Does anyone know if that is the best way to do so in
> Shorewall or is there a better way to do this?
>
> Thanks again.
>
> --- [EMAIL PROTECTED] wrote:
> >
> >
> > DragonWood, any success?
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
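
An added example, not part of the original thread: shell functions that print (without executing) a SNAT rule scoped to the VPN client subnet instead of everything leaving eth1, print temporary LOG rules for both directions, and list the server ports that were logged leaving eth1 with no reply. The subnets, eth1 and 172.16.100.1 come from the thread; the VPNDBG prefix, the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Subnets, eth1 and 172.16.100.1 come from
# the thread; the VPNDBG log prefix, function names and sample log are constructed.
IPT="${IPT:-iptables}"      # set IPT=run_iptables inside /etc/shorewall/start
LAN_IF=eth1; LAN_NET=172.16.100.0/24; SNAT_ADDR=172.16.100.1

# Print SNAT rules limited to the given VPN source subnets (nothing is executed).
scoped_snat_rules() {
    for net in "$@"; do
        echo "$IPT -t nat -A POSTROUTING -s $net -o $LAN_IF -j SNAT --to-source $SNAT_ADDR"
    done
}

# Print temporary LOG rules for both directions of forwarded VPN traffic.
# FORWARD sees the original (pre-SNAT) source and the de-NATed reply destination.
debug_log_rules() {
    for net in "$@"; do
        echo "$IPT -I FORWARD 1 -s $net -d $LAN_NET -o $LAN_IF -j LOG --log-prefix 'VPNDBG out: '"
        echo "$IPT -I FORWARD 1 -s $LAN_NET -d $net -i $LAN_IF -j LOG --log-prefix 'VPNDBG in: '"
    done
}

# Read kernel LOG lines on stdin; print "server proto/port" for flows that left
# eth1 but never produced a logged reply.
unanswered_flows() {
    awk '
    function field(name,   i) {            # value of NAME=... on the current line
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) return substr($i, length(name) + 2)
        return ""
    }
    /VPNDBG out: / { out[field("DST") " " field("PROTO") "/" field("DPT")] = 1 }
    /VPNDBG in: /  { seen[field("SRC") " " field("PROTO") "/" field("SPT")] = 1 }
    END { for (k in out) if (!(k in seen)) print k }
    ' | sort
}

# Constructed sample: HTTP is answered, the SQL Server port (1433) is not.
sample_log() {
    cat <<'EOF'
Jun 21 16:50:01 bering kernel: VPNDBG out: IN=ipsec0 OUT=eth1 SRC=192.168.0.10 DST=172.16.100.20 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=80 SYN
Jun 21 16:50:01 bering kernel: VPNDBG in: IN=eth1 OUT=ipsec0 SRC=172.16.100.20 DST=192.168.0.10 LEN=48 TTL=127 PROTO=TCP SPT=80 DPT=1045 ACK SYN
Jun 21 16:50:09 bering kernel: VPNDBG out: IN=ipsec0 OUT=eth1 SRC=192.168.0.10 DST=172.16.100.30 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=1433 SYN
EOF
}
```

A port that shows up in unanswered_flows means the request was forwarded out eth1 and nothing came back through the firewall, which points at the server side (its own gateway or routing) rather than at the firewall policy.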