João Kuchnier wrote:
> Tom,
>
> Thanks for your help. I managed to configure IPSec connection through
> firewall using the rules specified at http://www.shorewall.net/VPN.htm
> with NAT traversal.
>
> Now, my only problem is using shorewall on the VPN Server. The rules I
> mentioned before are correct?
>
> RULES
> DNAT all net:192.168.1.xxx udp 2000
> DNAT all net:192.168.1.xxx udp 2010
> DNAT all net:192.168.1.xxx tcp 2004
>
> I need to nat specific packages coming from VPN connection to another
> two servers. These servers need to respond to these packages using the ipsec
> tunnel.

I'm sorry but I'm completely confused about what you are trying to do.
So I can't say whether those rules are correct or not.

It looks to me like you are trying to use routing/DNAT to 'help' IPSEC
where IPSEC could probably do what you want by itself. It strikes me
that 192.168.1.xxx will probably send its responses to the redirected
requests back through your main firewall rather than through the VPN
server which, of course, won't work.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users