On 12/28/18 10:08 AM, C. Cook wrote:
> Idk whether this is a Shorewall question or not.
>
> My LAN has a class C of 192.168.1.0. The gateway for all LAN members is
> 192.168.1.1
>
> Now one of the LAN members is a KVM VM at 192.168.1.16, and it is the
> Wireguard VPN server. Remote machines come in through the gateway and
> are port-forwarded to the VPN server for full access to the LAN. This
> works fine now. (Thank you)
>
> First Question: Remote VPN members can access any node in the LAN, but
> can not get back out through the gateway for internet access. Any idea
> where I should look? The VPN server does have its gateway set to
> 192.168.1.1.

Is the remote VPN client configured to use the VPN as a default route?

>
> Second Question: Another member of the LAN, 192.168.1.4, is the backups
> server. And the backups server runs a KVM VM which handles all security
> cameras (ZoneMinder) through a dedicated port in the class C of
> 10.1.50.0. This security cam VM has a second IP in the class C of the
> LAN and serves Zoneminder to the LAN this way.
>
> I would like to serve Zoneminder to the outside only on the VPN. Does
> that mean I port-forward 80 to the VPN server, either through a reverse
> SSH tunnel or by Shorewall DNAT? Then to access it from remote on the
> VPN server? Is this the best way? Would it then also still be
> accessible to the LAN?

I'm confused. Who initiates this TCP connection on port 80 and where is
the http server?

>
> Third Question: The cameras on 10.1.50.0 are only visible to the
> cameras server on a dedicated port. These cameras provide a high-res
> RTSP stream and a low-res RTSP stream, the latter being appropriate for
> a remote phone. Can anyone see how I can pipe the low-res stream to the
> VPN server so it's accessible by a remote phone?
>

Is this stream accessible from other hosts on the LAN? If so, how?

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users