[Shorewall-users] IPsec gateway - Shorewall - 1to1 NAT

Mon, 14 Apr 2025 10:56:47 -0700 

HELP! -- I just can't seem to figure out how to configure this.
I have a Shorewall/IPSEC VPN gateway configuration that is working great to my remote sites. Doing gateway to gateway and gateway to client tunnels where I have no network overlap issues. Where I am stuck at is I need to NAT my network to a different private network as the remote site already is using my private network range. 

I am using Debian 11 with v5.2.3.4 Shorewall.

But I have a site where there is an address conflict so I need to remap 
my 192.168.10.0/24 network to 172.17.87.0/24
to avoid issues.  They already have a 192.168.10.0/24 network in their 
systems.


I need to do the following:


192.168.10.0/24 <-> 172.17.87.0/24 <- IPsec tunnel -> 172.28.0.80/29 <-> 
172.28.0.82



Traffic from my 192.168.10.0/24 network needs to have it's addresses 
mapped to 172.17.87.0/24 network.
Then sent to the 172.17.87.0/24 to 172.28.0.80/29 tunnel and on to the 
172.28.0.82 server on their end.
Then their replies need to come back across the tunnel and be converted 
back from the 172.17.87.0/24 network to my 192.168.10.0/24 network.


I have the tunnel up and functional.

My issue is how to configure Shorewall to do the 1 to 1 translation and 
pass on to the tunnel.


Does anyone have an example of this that I could follow?

--
Rich Goodwin
Elmen Enterprises/Appliance & Furniture RentAll/KTTW
2901 W 11th Street
Sioux Falls, SD  57104

Voice:  (605) 338-1800 x220
Fax:    (605) 275-8361
E-mail: rgood...@rentall-inc.com

-------------------------------------------------
Confidentiality Notice:
 This e-mail message, including any attachments, is for the sole use
 of the intended recipient(s) and may contain confidential and privileged
 information. Any unauthorized review, use, disclosure, or distribution
 is prohibited. If you are not the intended recipient, please contact
 the sender by reply e-mail and destroy all copies of the original message.
-------------------------------------------------


--
This email has been checked for viruses by AVG antivirus software.
www.avg.com


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to