>> Hello!
>>
>> I'd like to ask if it is possible to connect local LAN network with
>> external one to which access is provided by tap0 adapter (ShrewSoft
>> connecting to CheckpointVPN gateway)? I have a server with eth0 adapter
>> which is used as WAN adapter, tap0 (VPN) and eth1 which is acting as LAN
>> interface. What I want to do is to grant access for users from this LAN
>> (eth1) to network 10.49.41.0/24 available when tun0 is connected to VPN.
>> Is it possible with Shorewall? If so, how?
>>
>> internet
>> |
>> |-eth0:10.48.10.27/24--->-|
>> ^ tap0:10.44.70.68/32 [shrew soft connecting to CheckPoint VPN, DHCP]
>> |
>> |-eth1:192.168.1.1/24---<-|
>> ^
>> |
>> <-LAN
>> ^
>> |
>> < - 192.168.1.2/24 [how to connect to
>> 10.49.41.111/32 ?]
> Kris,
>
> There are two parts to this problem:
>
> a) Allowing the traffic.
> b) Routing.
>
> The first part is easy. Define a zone 'vpn' to be associated with tap0,
> then configure policies/rules to permit the traffic you want to allow.
>
> The second part will require that you masquerade traffic from your local
> LAN to the remote network, unless the remote end can be configured to
> route 192.168.1.1/24 through the VPN. If that isn't possible, then you
> need this in the masq file:
>
> tap0 192.168.1.0/24
>
> -Tom

Hi Tom,

Thank you for your answer. I did that and it's still not working.

Oct 18 16:50:31 devel kernel: [89702.530584] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.127 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=701 DF PROTO=TCP SPT=12635 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 18 16:50:53 devel kernel: [89725.034448] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.131 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=1655 DF PROTO=TCP SPT=12636 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 18 16:51:16 devel kernel: [89747.989691] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.111 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=1682 DF PROTO=TCP SPT=12639 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
^C

Best regards,
Kris

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
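
Added example, not part of Kris's or Tom's messages: a short Python parser for the Shorewall log lines quoted in the reply above, showing what those entries do and do not establish. The function names are made up for this example; the log lines are copied from the message.

```python
import re

# The three kernel log lines from the message above, copied verbatim.
LOG = """\
Oct 18 16:50:31 devel kernel: [89702.530584] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.127 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=701 DF PROTO=TCP SPT=12635 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 18 16:50:53 devel kernel: [89725.034448] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.131 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=1655 DF PROTO=TCP SPT=12636 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 18 16:51:16 devel kernel: [89747.989691] Shorewall:loc2vpn:ACCEPT:IN=eth1 OUT=tap0 MAC=00:21:91:f4:6c:44:5c:26:0a:05:fc:51:08:00 SRC=192.168.1.2 DST=10.49.41.111 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=1682 DF PROTO=TCP SPT=12639 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# Log prefix as it appears in the lines above: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_line(line):
    """Return a dict of fields for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"], "flags": set()}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:                      # KEY=value field (IN, OUT, SRC, DST, DPT, ...)
            rec[key] = val
        elif tok in TCP_FLAGS:       # bare TCP flag token; the IP-level "DF" is skipped
            rec["flags"].add(tok)
    return rec


def summarize(text):
    """Collapse the parsed entries into the facts that matter for this thread."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "count": len(recs),
        "paths": sorted({(r["chain"], r["disposition"], r.get("IN"), r.get("OUT"))
                         for r in recs}),
        # These entries come from the filter table's forward path. Masquerading is
        # applied later, in nat POSTROUTING, so SRC here is always the LAN address
        # and says nothing about whether the masq entry matched.
        "sources": sorted({r.get("SRC") for r in recs}),
        "destinations": sorted({r.get("DST") for r in recs}),
        "syn_only": all(r["flags"] == {"SYN"} for r in recs),
    }


if __name__ == "__main__":
    for key, value in summarize(LOG).items():
        print(f"{key}: {value}")
```

The summary shows the firewall accepting eth1 to tap0 SYNs to port 22, which covers the "allowing the traffic" half only. Whether the source is rewritten has to be checked on the packets leaving tap0, for example with `tcpdump -ni tap0`.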
