I just upgraded shorewall (4.5.18 now) and rebooted the vps and still no go. iptables -L shows in the net2net chain:
ACCEPT udp -- anywhere home_hostname ctorigdst vps_hostname udp dpt:openvpn
Quoting "Mark D. Montgomery II" <techi...@techiem2.net>:
Ok. I made the changes as best as I could understand them from the FAQ and restarted shorewall (currently 3.4.8 if that makes a difference).interfaces: net eth0 detect dhcp,routefilter,tcpflags,nosmurfs,blacklist,routeback masq: eth0:vps_ip eth0 home_ip udp 1194 rules: DNAT net net:home_ip udp 1194 - vps_ip shorewall.conf: IP_FORWARDING=ON When I start openvpn it times out connecting.When I run iptraf on the vps I see the connection come in, but it doesn't seem to be getting out to the home location where the vpn server is (no activity there showing the connecting coming in).Thanks! Mark II Quoting Tom Eastep <teas...@shorewall.net>:On 11/4/2013 10:04 PM, Mark D. Montgomery II wrote:I'm trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn't like that (it just failed to start). I tried adding the rules via command line directly from a bit of searching I did: sysctl net.ipv4.ip_forward=1 iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to-destination <siteb ip>:1194 iptables -t nat -A POSTROUTING -j MASQUERADE When I did that dmesg gave Forward:Reject messages. Can someone point me to the correct way to do this?That is Shorewall FAQ 2 with the 'loc' zone replaced by the 'net' zone. Also note FAQ 2c. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________-- Mark D. Montgomery II http://www.techiem2.net
-- Mark D. Montgomery II http://www.techiem2.net
binhOsVhfQjCR.bin
Description: PGP Public Key
pgpDjcNe5CnUM.pgp
Description: PGP Digital Signature
------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
