We have a LAN, made up of a number of KVM virtual machines, one of which is the
router for the WAN and another is the IPSec gateway (Libreswan).
I have DNAT working fine from the (internal) IPSec gateway through the router
to my phone and back. A while ago Tom gave me an iptables command to allow the
phone access to the rest of the LAN. But it doesn't work in the reverse, and
it may not be the Shorewall way to do traffic in both directions, although I
have no evidence of this.
So there exists the LAN, remote phones, remote laptops, and a remote mail
server. We'd like all of them to communicate democratically using Libreswan, each with
their own auth credentials. The Libreswan part is no problem, but I can't
figure out how to direct traffic originating from the LAN to the relevant other
locations using SNAT (through the IPSec gateway), and in the reverse direction.
Ideally I'd like the VPN to have its own class C IPs with -static- (or known)
addresses, so they are predictable, although I don't know how to do this. Also
I'd like all IPSec traffic to/from the LAN to go through the IPSec gateway,
although I don't know how to do this with Shorewall.
Chances are good I can get any Libreswan questions answered by others, but it's
the DNAT and SNAT issues that I can't sort out from the docs for this use-case.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users