Hi Dj, You simply need to dnat the port corresponding to the openvpn server so the requests coming from the outside world can directly go to the MNF openvpn port.
So, if you run openvpn on port 1194 on MNF, than make sure you dnat that port on the dsl router. As simple as that. In this way, the dsl router 1194 port requests will be forwarded to the mnf 1194 port. sincerely, - Florin On Tue, 15 Mar 2005 12:11:54 +0000, Dj <[EMAIL PROTECTED]> wrote: > Florin wrote: > > >Dj <[EMAIL PROTECTED]> writes: > > > > > > > >>Hi Florin, > >>Two Questions > >>1. Any sign of draft documentation being released any time soon? Probably > >>save a lot of the questions you are answering here (including mine!!). > >> > >>2. I am unsure of something in my setup that is causing problems. My > >>setup looks like this: > >> > >>192.168.1.0/24 Home Lan--------->192.168.1.200/24MNF eth1----------->MNF > >>eth2 192.168.10.30/24---------->192.168.10.1/24 (LAN Interface) DSL Router > >>213.202.xx.xx (DSL Interface)----->Internet > >> > >>All works well except my OpenVPN. My tun interface on MNF2 has an address > >>of 10.1.0.1 and 10.1.0.2 on the client. > >> > >>The DSL router has a build in firewall. I can NAT incoming traffic to > >>allow it through. My question is, should I put a NAT rule to allow port > >>5000 through to 192.168.10.1 or 10.1.0.1. I'm not sure which? Neither > >>seems to work. The client always times out waiting to connect. Any advice > >>appreciated. > >>Dj. > >> > >> > > > >the way I see it is the following: > >you want to bypass your dsl router and make mnf appear to the outside > >world as the dsl router (at least for openvpn operations), so you need to > >dnat the incoming packagets on 213.202.xx.xx (the openvpn port) to the mnf > >external interface IP, which is 192.168.10.30 (eth2) if I understand > >correctly. > > > >my 2cts, > > > > > Hi Florin, > I have been away from my MNF2 system for a few months, and am only > getting back to it now. > Your understanding of my situation above is correct, I want to hide my > DSL router, and will therefore setup dnat as suggested. > > Now a couple of other questions on this: > 1. Do i do a dnat on the router to just the openvpn port on my MNF eth2 > interface, or dnat everything coming in? > > 2. I am confused about the firewall rules required. Do i need to allow > traffic on the openvpn port from 192.168.10.30 to 10.1.0.1, or is it > from 213.202.xx.xx to 10.1.0.1, or from 10.1.0.2 to 10.1.0.1, or a > combination of all three? > > Thanks, > Dj. > > > ____________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Join the Club : http://www.mandrakeclub.com > ____________________________________________________ > > > -- Florin
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
