2009/6/10 Tom Eastep <teas...@shorewall.net>
> João Kuchnier wrote:
> > Tom,
> >
> > Thanks for your help. I managed to configure the IPSec connection through
> > the firewall using the rules specified at http://www.shorewall.net/VPN.htm
> > with NAT traversal.
> >
> > Now, my only problem is using shorewall on the VPN Server. Are the rules I
> > mentioned before correct?
> >
> > RULES
> > DNAT all net:192.168.1.xxx udp 2000
> > DNAT all net:192.168.1.xxx udp 2010
> > DNAT all net:192.168.1.xxx tcp 2004
> >
> > I need to NAT specific packets coming from the VPN connection to another
> > two servers. These servers need to respond to these packets using the ipsec
> > tunnel.
>
> I'm sorry but I'm completely confused about what you are trying to do.
> So I can't say whether those rules are correct or not.
>
--> Sorry, I will try to explain better...
>
> It looks to me like you are trying to use routing/DNAT to 'help' IPSEC
> where IPSEC could probably do what you want by itself. It strikes me
> that 192.168.1.xxx will probably send its responses to the redirected
> requests back through your main firewall rather than through the VPN
> server which, of course, won't work.
--> Yes, something like this. The firewall running on the openswan server
(only one interface), besides accepting every connection, will NAT three
types of connections to two different servers. On these two servers, I
created two routes for them to respond to incoming VPN packets. The gateway of
these rules is directed to the openswan server.

Routes on one of the other servers on the DMZ...

192.168.102.0 192.168.1.224 255.255.255.0 UG 0 0 0 eth2
10.201.136.0 192.168.1.224 255.255.248.0 UG 0 0 0 eth2

Do you think the request response can get through the VPN connection?
João
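
An added example (not part of either poster's message): a longest-prefix-match check of which gateway a DMZ server hands its replies to, using the two routes quoted above. The default gateway 192.168.1.1, the connected-network route and the client addresses are constructed for illustration.

```python
import ipaddress

# `route -n` column order: Destination Gateway Genmask Flags Metric Ref Use Iface.
# The first two routes are the ones quoted in the message above.
VPN_ROUTES = """\
192.168.102.0 192.168.1.224 255.255.255.0 UG 0 0 0 eth2
10.201.136.0 192.168.1.224 255.255.248.0 UG 0 0 0 eth2
"""
# Constructed: connected network and a default route via the main firewall.
BASE_ROUTES = """\
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth2
"""

def parse_routes(text):
    """Turn `route -n` style rows into (network, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers and blank lines
        dest, gateway, mask, _flags, metric = fields[:5]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, int(metric)))
    return routes

def next_hop(routes, address):
    """Gateway chosen for `address`: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _net, gateway, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    # Gateway 0.0.0.0 means the destination is on-link and delivered directly.
    return address if gateway == "0.0.0.0" else gateway

def reply_uses_vpn_server(routes, client, vpn_server="192.168.1.224"):
    """True if a reply to a DNATed request from `client` returns via the VPN server."""
    return next_hop(routes, client) == vpn_server

if __name__ == "__main__":
    with_vpn = parse_routes(VPN_ROUTES + BASE_ROUTES)
    without_vpn = parse_routes(BASE_ROUTES)
    for client in ("10.201.136.5", "192.168.102.20", "10.201.144.1"):
        print(client, "with routes ->", next_hop(with_vpn, client),
              "| without ->", next_hop(without_vpn, client))
```

Replies to a client outside both routed networks (10.201.144.1 here, just past the /21) still leave via the default gateway, which is the asymmetric path Tom describes.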
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users