> What you are trying to do *will never work*. You are accepting web
> connections on the public IP address on the Shorewall router, port
> forwarding them to the web server who is trying to reply out of the WG
> server. There are two problems with this idea:
>
> a) The WG server can't reverse the effect of the DNAT in the router, so
> the responses are going out with the wrong source IP.
>
> b) Even if DNAT were not involved, you would likely be sending packets
> out through one ISP with source addresses assigned to another ISP. Those
> are subject to being dropped.
>
> -Tom

Understand.  But I only arrived here after my sites went down with no
mods to the webserver VM, and a full day of trying to get them back up.

And my goal is ultimately to move my server to the outgoing VPN, but
that's low priority.  Sites out is high priority.
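The two failure modes described in the quoted reply, modelled as an added example that is not part of the original thread. All addresses are constructed from the documentation ranges, and the WG server is assumed to masquerade outbound traffic behind its own address.

```python
import ipaddress
from collections import namedtuple

# All addresses are constructed (RFC 5737 documentation ranges).
CLIENT = "203.0.113.50"        # remote browser
ROUTER_PUBLIC = "192.0.2.10"   # public IP on the Shorewall router
WEB_SERVER = "10.0.0.20"       # internal web server VM
WG_PUBLIC = "198.51.100.7"     # address traffic leaves the WG server with
WG_PROVIDER_PREFIX = ipaddress.ip_network("198.51.100.0/24")

Packet = namedtuple("Packet", "src sport dst dport")

class DnatRouter:
    """Router that port-forwards and remembers each translation."""
    def __init__(self):
        self.conntrack = {}  # (client, cport, server, sport) -> original dst

    def forward_in(self, pkt):
        self.conntrack[(pkt.src, pkt.sport, WEB_SERVER, pkt.dport)] = pkt.dst
        return pkt._replace(dst=WEB_SERVER)

    def forward_out(self, reply):
        # Only this box holds the state needed to restore the public source.
        key = (reply.dst, reply.dport, reply.src, reply.sport)
        return reply._replace(src=self.conntrack[key])

def egress_allows(pkt, prefix):
    """Source-address validation (BCP 38) as a provider may apply it."""
    return ipaddress.ip_address(pkt.src) in prefix

def client_accepts(syn, reply):
    """A TCP client only matches a reply that mirrors its own 4-tuple."""
    return tuple(reply) == (syn.dst, syn.dport, syn.src, syn.sport)

def simulate():
    router = DnatRouter()
    syn = Packet(CLIENT, 40000, ROUTER_PUBLIC, 443)
    at_server = router.forward_in(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    via_router = router.forward_out(reply)      # symmetric path: DNAT reversed
    via_wg = reply._replace(src=WG_PUBLIC)      # problem (a): wrong source IP
    return {
        "via_router": client_accepts(syn, via_router),
        "via_wg": client_accepts(syn, via_wg),
        # problem (b): router's public source sent out through the other provider
        "foreign_src_passes_egress": egress_allows(via_router, WG_PROVIDER_PREFIX),
    }

if __name__ == "__main__":
    print(simulate())
```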




_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
