Tom,
On my HOME/OFC FIREWALL
---------------------
HOME/OFC FIREWALL + Shorewall firewall
eth0: D.D.D.2/29
eth1: 192.168.1.2/24
tun0: 172.20.0.2/24
loc: 127.0.0.1/8
---------------------
/interfaces
#ZONE INTERFACE OPTIONS
net eth0 tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0
int eth1 logmartians=1,routefilter=1
loc lo
- tun+ -
/hosts
#ZONE HOST(S) OPTIONS
vpn1 tun+:172.20.0.0/24
Your suggestion to add to HOME/OFC FIREWALL
/rules
...
ACCEPT vpn1 loc:192.168.1.50 tcp 25,587
DNAT loc:192.168.1.50 vpn1:172.20.0.1 tcp 25
...
is addressing the LAN mailserver @192.168.1.50 in the "loc" zone.
192.168.1.50 is in the "int" zone, isn't it? Shouldn't that be
/rules
...
ACCEPT vpn1 int:192.168.1.50 tcp 25,587
DNAT int:192.168.1.50 vpn1:172.20.0.1 tcp 25
...
?
Jerry
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
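
The zone question raised in the message above can be checked mechanically. The following is an added example, not part of the original message or of Shorewall: it flags any zone:host token in a rules line whose address does not fall in that zone's subnet. It assumes each zone covers exactly the subnet quoted for its interface in the message; ZONE_NETS, zone_of and check_rules are hypothetical names.

```python
import ipaddress
import re

# Zone-to-network map built from the interface addresses quoted in the message
# (assumption: each zone covers exactly the subnet shown for its interface).
ZONE_NETS = {
    "int": ipaddress.ip_network("192.168.1.0/24"),   # eth1
    "vpn1": ipaddress.ip_network("172.20.0.0/24"),   # tun+ via /hosts
    "loc": ipaddress.ip_network("127.0.0.0/8"),      # lo
}

# The two rule variants from the message, with wrapped lines rejoined.
RULES_LOC = """\
ACCEPT vpn1 loc:192.168.1.50 tcp 25,587
DNAT loc:192.168.1.50 vpn1:172.20.0.1 tcp 25
"""
RULES_INT = RULES_LOC.replace("loc:", "int:")

ZONE_HOST = re.compile(r"^([A-Za-z]\w*):(\d+\.\d+\.\d+\.\d+)$")

def zone_of(addr):
    """Return the zone whose network contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for zone, net in ZONE_NETS.items():
        if ip in net:
            return zone
    return None

def check_rules(text):
    """Return (line_no, zone_used, host, zone_expected) for each mismatch."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        # Columns 2 and 3 of a rules line are SOURCE and DEST.
        for field in fields[1:3]:
            m = ZONE_HOST.match(field)
            if not m:
                continue
            zone, host = m.groups()
            expected = zone_of(host)
            if expected != zone:
                findings.append((n, zone, host, expected))
    return findings

if __name__ == "__main__":
    for name, rules in (("loc variant", RULES_LOC), ("int variant", RULES_INT)):
        print(name, check_rules(rules) or "consistent")
```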