Tom,

> > 192.168.1.50 is in the "int" zone, isn't it? shouldn't that be
> >
> > /rules
> > ...
> > ACCEPT vpn1 int:192.168.1.50 tcp 25,587
> > DNAT int:192.168.1.50 vpn1:172.20.0.1 tcp 25
> > ...
>
> Yes.

Ok. One step closer. Thanks.

> Out of curiosity, why do you have ipv4 zone 'loc' associated with 'lo'?
> That is disallowed by recent versions of Shorewall.

It's disallowed? Missed that :-/ Could've sworn I picked it out of an example.

I've done this thinking that since I'll need rules for "lo" <-> other interfaces, that I need the zone. IPv4 made sense to me at the time. Honestly, I haven't gotten as far as those rules yet, still fighting to get this mailserver-over-vpn setup working.

Jerry

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
