[Shorewall-users] Natting

2012-02-16 Thread Jan van der Vyver
Hi, I have 2 routers connected to clients. On both the clients they use 10.0.X.X ips. We use 192.168.1.X in the DMZ. So I have the linux FW in our DMZ (192.168.1.1) and client1 router (192.168.1.10 internal and 10.0.X.X) and client2 router (192.168.1.20 internal and 10.0.X.X) My id

Re: [Shorewall-users] Natting

2012-02-16 Thread Tom Eastep
On 02/16/2012 12:50 AM, Jan van der Vyver wrote: > I have 2 routers connected to clients. On both the clients they use > 10.0.X.X ips. > > We use 192.168.1.X in the DMZ. > > So I have the linux FW in our DMZ (192.168.1.1) and client1 router > (192.168.1.10 internal and 10.0.X.X) and client2 ro

[Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Brian J. Murrell
Hi all, I am using shorewall 4.4.6 on an ipsec road warrior. I am trying to figure out how to configure so that traffic from a subnet of the road warrior is SNATted before being encrypted and routed into the ipsec tunnel. In essence I want to masquerade this subnet into the VPN. The VPN for th

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Tom Eastep
On 7/14/10 9:14 AM, Brian J. Murrell wrote: > Hi all, > > I am using shorewall 4.4.6 on an ipsec road warrior. I am trying to > figure out how to configure so that traffic from a subnet of the road > warrior is SNATted before being encrypted and routed into the ipsec > tunnel. In essence I want

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Brian J. Murrell
On Wed, 2010-07-14 at 09:36 -0700, Tom Eastep wrote: > > Near as I can tell, As usual Tom, your instincts were right on the mark. > you should simply need to: > > a) Add an IPSEC tunnel to /etc/shorewall/tunnels. Which I did as: #TYPE ZONE GATEWAY GATEWAY #

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread TomEastep
On Jul 14, 2010, at 3:18 PM, Brian J. Murrell wrote: > On Wed, 2010-07-14 at 09:36 -0700, Tom Eastep wrote: >> >> Near as I can tell, > > As usual Tom, your instincts were right on the mark. > >> you should simply need to: >> >> a) Add an IPSEC tunnel to /etc/shorewall/tunnels. > > Which I

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Brian J. Murrell
On Wed, 2010-07-14 at 18:31 -0400, TomEastep wrote: > > It doesn't match the conntrack entry. The conntrack entry expects responses > to be addressed to 199.10.8.5 but the response is coming back to > 129.150.48.250. Dammit. That was a cut'n'pasto-to-protect-the-innocento. Now that the cat's

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Tom Eastep
On 7/14/10 7:00 PM, Brian J. Murrell wrote: >> What does your /etc/shorewall/masq entry look like? > > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC > MARK > eth0 192.168.122.0/24 129.150.48.250 I specifically said MASQUERADE, not SNAT. -Tom --

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Brian J. Murrell
On Wed, 2010-07-14 at 20:06 -0700, Tom Eastep wrote: > > > > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC > > MARK > > eth0 192.168.122.0/24 129.150.48.250 > > I specifically said MASQUERADE, not SNAT. Yes, I know. But MASQUERADE results i

Re: [Shorewall-users] natting before ipsec encryption

2010-07-14 Thread Tom Eastep
On 7/14/10 8:31 PM, Brian J. Murrell wrote: > On Wed, 2010-07-14 at 20:06 -0700, Tom Eastep wrote: >>> >>> #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC >>> MARK >>> eth0 192.168.122.0/24 129.150.48.250 >> >> I specifically said MASQUERADE, not
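The masq entry under discussion in this thread is the difference between an ADDRESS column that is filled in (Shorewall emits SNAT --to-source) and one left as "-" (Shorewall emits MASQUERADE, which picks the outgoing interface's own address, so replies match the conntrack entry). The IPSEC column restricts the rule to packets that will be encrypted on the way out. The script below is an added illustration written for this page, not Shorewall's compiler or any code from the thread: it parses masq lines in the 4.4-era column layout quoted above (INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK) and prints the equivalent iptables POSTROUTING rule for each. The sample entries are constructed; the first is the thread's SNAT line, the second the MASQUERADE form, both with IPSEC=yes. The MARK column and Shorewall's many other masq options are ignored here.

```python
"""Translate /etc/shorewall/masq lines into the iptables nat rules they imply.

Added, simplified illustration for the masq vs. SNAT discussion; not
Shorewall's own code. Assumes the column layout quoted in the thread:
INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK (MARK is ignored).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class MasqEntry:
    interface: str
    source: str
    address: Optional[str]  # None -> MASQUERADE; an address -> SNAT --to-source
    proto: Optional[str]
    ports: Optional[str]
    ipsec: bool             # True -> only packets an IPsec SA will encrypt


def _col(fields: List[str], i: int) -> Optional[str]:
    """Return column i, treating a missing column or '-' as unset."""
    if i >= len(fields) or fields[i] == "-":
        return None
    return fields[i]


def parse_masq(text: str) -> List[MasqEntry]:
    """Parse masq file text; '#' starts a comment, blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        entries.append(MasqEntry(
            interface=f[0],
            source=_col(f, 1) or "0.0.0.0/0",
            address=_col(f, 2),
            proto=_col(f, 3),
            ports=_col(f, 4),
            ipsec=(_col(f, 5) or "").lower() == "yes",
        ))
    return entries


def to_iptables(e: MasqEntry) -> str:
    """Build the nat POSTROUTING rule one masq entry corresponds to."""
    parts = ["iptables -t nat -A POSTROUTING", "-o", e.interface, "-s", e.source]
    if e.proto:
        parts += ["-p", e.proto]
        if e.ports and "," in e.ports:
            parts += ["-m", "multiport", "--dports", e.ports]
        elif e.ports:
            parts += ["--dport", e.ports]
    if e.ipsec:
        # Match only packets that will be IPsec-encrypted on the way out;
        # without this the rule also rewrites cleartext traffic on eth0.
        parts += ["-m", "policy", "--dir", "out", "--pol", "ipsec"]
    if e.address:
        # Fixed source address: replies must come back to this address or
        # they will not match the conntrack entry (the failure seen above).
        parts += ["-j", "SNAT", "--to-source", e.address]
    else:
        # MASQUERADE uses the primary address of the outgoing interface.
        parts += ["-j", "MASQUERADE"]
    return " ".join(parts)


# Constructed sample: the thread's SNAT entry beside the MASQUERADE form,
# both limited to traffic bound for the IPsec tunnel.
SAMPLE_MASQ = """\
#INTERFACE SOURCE           ADDRESS          PROTO PORT(S) IPSEC MARK
eth0       192.168.122.0/24 129.150.48.250   -     -       yes
eth0       192.168.122.0/24 -                -     -       yes
"""


def rules_for(text: str) -> List[str]:
    """Convenience wrapper: all rules for a masq file's text."""
    return [to_iptables(e) for e in parse_masq(text)]


if __name__ == "__main__":
    for rule in rules_for(SAMPLE_MASQ):
        print(rule)
```

Run it as a plain script; it prints the two rules without touching the kernel, which makes it safe to use for comparing what a masq line expresses before loading it on a live firewall.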