Hi everyone!
First of all, sorry about my bad English and the length of this e-mail.
I need some help to implement a VPN connection using Shorewall and Openswan
as an IPsec tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ)
I have two VPN connections with two different subnets to the other end. Both
of them are established correctly.
One of my doubts is how to configure the hosts, tunnels and zones files for
the VPN server in the DMZ. These are the files I have so far:
Shorewall 1:
zones:
#ZONE   TYPE    OPTIONS
xxx
conn1   ipv4
conn2   ipv4
tunnels:
#TYPE   ZONE    GATEWAY                 GATEWAY ZONE
ipsec   net     200.xxx.xxx.xxx
hosts:
#ZONE   HOST(S)                                     OPTIONS
conn1   eth0:192.168.102.0/24,200.xxx.xxx.xxx       ipsec
conn2   eth0:10.201.136.0/21,200.xxx.xxx.xxx        ipsec
policy:
#SOURCE DEST    POLICY  LOG LEVEL
conn1   $FW     ACCEPT  info
conn2   $FW     ACCEPT  info
$FW     conn1   ACCEPT  info
$FW     conn2   ACCEPT  info
dmz     conn1   ACCEPT  info
dmz     conn2   ACCEPT  info
rules:
#ACTION SOURCE  DEST                    PROTO   DEST PORT(S)
DNAT    conn1   dmz:192.168.1.224
DNAT    conn2   dmz:192.168.1.224
Are they correct?
192.168.1.224 is the server running Openswan (eth0 only). On this server I'm
running another Shorewall (accepting everything incoming and outgoing). When
traffic reaches the VPN server, I'm NATing 3 specific ports to two other
servers in the DMZ. Apparently, this is where the problem is. The second
subnet (10.x.x.x), the most important one, is not communicating properly.
I think my second firewall is not working correctly.
Shorewall 2 (on the Openswan server):
rules:
#ACTION SOURCE  DEST                PROTO   DEST PORT(S)
DNAT    all     net:192.168.1.xxx   udp     xxx
DNAT    all     net:192.168.1.xxx   udp     xxx
DNAT    all     net:192.168.1.xxx   tcp     xxx
Are these rules correct? Do I need to implement tunnels and hosts files on
this Shorewall too?
Best regards,
João K.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
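An added illustration, not part of João's post and not taken from Shorewall's own documentation: one consistent way to lay out the two rule sets so that the IPsec-specific pieces sit on the host that actually terminates the tunnels. The perimeter firewall only passes IKE (udp 500), NAT-T (udp 4500) and ESP (IP protocol 50) from the remote gateway through to the Openswan server, while the Openswan server carries the ipsec-type zone, the tunnels entry and the hosts entries for the two remote subnets. The zone names fw/net/dmz/vpn, the second DMZ servers 192.168.1.10 and 192.168.1.20, and the ports 1194, 1195 and 3389 are placeholders, since the original post elides them; 200.xxx.xxx.xxx is kept as written in the post. Column headers follow the Shorewall 4.x file layout.

```conf
###############################################################################
# Shorewall 1: the perimeter firewall. The tunnels terminate on the DMZ host,
# so this box only ever sees the encrypted traffic and needs no ipsec zone.
###############################################################################

# /etc/shorewall/zones
#ZONE   TYPE        OPTIONS
fw      firewall
net     ipv4
dmz     ipv4

# /etc/shorewall/rules
# Forward IKE, NAT-T and ESP from the remote gateway to the Openswan server.
# AH (protocol 51) is left out on purpose: it authenticates the outer IP
# header and therefore does not survive the DNAT.
#ACTION SOURCE                  DEST                    PROTO   DEST PORT(S)
DNAT    net:200.xxx.xxx.xxx     dmz:192.168.1.224       udp     500
DNAT    net:200.xxx.xxx.xxx     dmz:192.168.1.224       udp     4500
DNAT    net:200.xxx.xxx.xxx     dmz:192.168.1.224       50

###############################################################################
# Shorewall 2: the Openswan server (192.168.1.224, eth0 only). This is the
# host that decrypts, so the ipsec zone, tunnels and hosts entries live here.
###############################################################################

# /etc/shorewall/zones
# The ipsec zone is listed before net, as in the Shorewall IPsec examples.
#ZONE   TYPE        OPTIONS
fw      firewall
vpn     ipsec
net     ipv4

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect

# /etc/shorewall/tunnels
# ipsecnat also opens udp 4500 for NAT traversal; the plain 'ipsec' type
# opens only udp 500, ESP and AH.
#TYPE       ZONE    GATEWAY             GATEWAY ZONE
ipsecnat    net     200.xxx.xxx.xxx

# /etc/shorewall/hosts
# Both remote subnets arrive on eth0 through the SAs. Because the zone type
# is ipsec, the kernel policy match puts them in 'vpn' only after decryption;
# anything else on eth0 still falls into 'net'.
#ZONE   HOST(S)                                     OPTIONS
vpn     eth0:192.168.102.0/24,10.201.136.0/21

# /etc/shorewall/policy
#SOURCE DEST    POLICY  LOG LEVEL
vpn     all     ACCEPT  info
net     all     ACCEPT  info
$FW     all     ACCEPT
all     all     REJECT  info

# /etc/shorewall/rules
# Placeholder ports and addresses (the original post elides them). A DNAT
# rule both rewrites the destination and accepts the forwarded traffic.
#ACTION SOURCE  DEST                    PROTO   DEST PORT(S)
DNAT    vpn     net:192.168.1.10        udp     1194
DNAT    vpn     net:192.168.1.10        udp     1195
DNAT    vpn     net:192.168.1.20        tcp     3389
```

The point of splitting it this way is that an ipsec-type zone only matches packets the local kernel has just decrypted; on the perimeter firewall the packets from 192.168.102.0/24 and 10.201.136.0/21 are still ESP payload from 200.xxx.xxx.xxx, so a hosts entry with the ipsec option there has nothing to match. On the Openswan host, sourcing the DNAT rules from the vpn zone instead of all keeps the port forwards reachable only through the tunnels, which is usually what is wanted when the forwarded services are meant for the remote sites.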