Just a heads up, this is not really a SHOREWALL question, although
shorewall is part of the solution. I am posting here because I know
there are some really smart people here who understand
iptables/routing/vpn and I believe can help answer my question or point
me in the right direction.

To simplify things, let's say I have your typical 2-interface shorewall
setup: one interface to the internet, the other to the LAN. On the LAN network I
have a Raspberry Pi that I run Nextcloud on. So I forward traffic from the
internet to the Nextcloud server and everything works fine. So I decide I
also want to turn that Raspberry Pi into a wifi access point with
hostapd. So that is all set up and works fine. Now I decide I want to
turn that Raspberry Pi wifi access point into an access point whose
internet connection is through a VPN. So that is all set up and working
fine (doing a postroute; sending everything outbound through the tun0
interface).

So the issue, which I assume most people have figured out by now, is
that by doing the above, I have broken the ability of the internet to
connect to the raspberry pi nextcloud server. So shorewall still
forwards packets to raspberry pi which are received, but I assume return
packets instead of going back the way they came in now go out the tun0
interface (as told) which makes the packet "Lost in translation".

So what I would like to do is set up iptables on the Raspberry Pi so
that packets from the internet which came through eth0 (from shorewall
forwarding) go back the way they came, while still having the wifi
interface of the Raspberry Pi accept packets (from the wifi access point)
and send those packets to the internet via the tun0 interface.

I tried reading about packet marking, both in shorewall and in iptables,
thinking that is probably the solution, but I quickly went down the
rabbit hole and was not necessarily getting closer to a solution.

So I am asking this group: 1) Is what I am trying to accomplish
possible? 2) Is marking packets the correct solution? 3) Does anyone know
of a good guide that might help?

If this is against this mailing list's rules and regulations, I
apologize. I thought, as I believe the answer to be an iptables
solution, and as I have subscribed to this list for many years, that people
here would certainly have the knowledge to help.

Thank you in advance.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
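As an added example (not part of the original post or a reply to it), one way to get what the question asks for on the Pi: a second routing table reached by a source-address rule plus a connection mark, so replies to connections that arrived on eth0 go back out eth0 while wifi clients keep exiting through tun0. Every address, interface name, table number and mark in the script is an assumption; the script prints its commands by default and only applies them when run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original post. Replies to connections that arrived
# on eth0 go back out eth0, while wifi clients keep exiting through tun0.
# Every address, interface name, table number and mark below is an assumption.
PI_ETH0_IP="192.168.1.10"   # the Pi's LAN address that shorewall forwards to
LAN_NET="192.168.1.0/24"; LAN_GW="192.168.1.1"; LAN_IF="eth0"
WIFI_NET="192.168.50.0/24"; WIFI_IF="wlan0"   # hostapd client subnet
VPN_IF="tun0"
TABLE="100"                 # spare routing table (no /etc/iproute2/rt_tables edit needed)
MARK="0x1"

# DRY_RUN=1 (default) prints the commands; run as root with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Table 100 holds the two connected networks plus a default via the LAN gateway.
# The main table keeps the tun0 default that the VPN installed, so wifi forwarding
# is untouched; only flows matched by the rules below are steered to eth0.
setup_reply_routing() {
  run ip route replace "$LAN_NET" dev "$LAN_IF" table "$TABLE"
  run ip route replace "$WIFI_NET" dev "$WIFI_IF" table "$TABLE"
  run ip route replace default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
  # Rule 1: anything sourced from the Pi's eth0 address (nextcloud answering).
  run ip rule add from "$PI_ETH0_IP" lookup "$TABLE" priority 100
  # Rule 2: connection marking, so a flow that first arrived on eth0 is steered
  # back there even if it was addressed to another local IP. The mark is saved in
  # conntrack on the first packet and restored onto every later packet.
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
  run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
  run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
  run ip rule add fwmark "$MARK" lookup "$TABLE" priority 101
  # Strict reverse-path filtering would drop the now-asymmetric flows on eth0.
  run sysctl -w "net.ipv4.conf.$LAN_IF.rp_filter=2"
}

# Wifi clients out through the VPN: forward to tun0 and masquerade behind it
# (the part the post already has working, shown so both paths are visible together).
setup_wifi_via_vpn() {
  run iptables -A FORWARD -i "$WIFI_IF" -s "$WIFI_NET" -o "$VPN_IF" -j ACCEPT
  run iptables -A FORWARD -i "$VPN_IF" -d "$WIFI_NET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -t nat -A POSTROUTING -s "$WIFI_NET" -o "$VPN_IF" -j MASQUERADE
}

# Number of commands the script would issue; useful when reviewing the dry run.
count_commands() { ( DRY_RUN=1; setup_reply_routing; setup_wifi_via_vpn ) | wc -l | tr -d ' '; }

setup_reply_routing
setup_wifi_via_vpn
```

The source-address rule alone covers the case in the post (Nextcloud listening on the Pi's eth0 address); the connmark rules are the packet-marking variant the post asks about, and they also cover flows that arrive on eth0 but are answered from a different local address.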