I believe I have figured it out. Issue was in my netmap entries. Was using wrong interface (lan instead of wan) and not specifying net3.

> On Apr 14, 2025, at 12:55 PM, Rich Goodwin <rgood...@rentall-inc.com> wrote:
>
> HELP! -- I just can't seem to figure out how to configure this.
> I have a Shorewall/IPSEC VPN gateway configuration that is working great to my remote sites.
> Doing gateway to gateway and gateway to client tunnels where I have no network overlap issues.
> Where I am stuck at is I need to NAT my network to a different private network as the remote site already is using my private network range.
>
> I am using Debian 11 with v5.2.3.4 Shorewall.
> But I have a site where there is an address conflict so I need to remap my 192.168.10.0/24 network to 172.17.87.0/24 to avoid issues. They already have a 192.168.10.0/24 network in their systems.
>
> I need to do the following:
>
> 192.168.10.0/24 <-> 172.17.87.0/24 <- IPsec tunnel -> 172.28.0.80/29 <-> 172.28.0.82
>
> Traffic from my 192.168.10.0/24 network needs to have its addresses mapped to 172.17.87.0/24 network.
> Then sent to the 172.17.87.0/24 to 172.28.0.80/29 tunnel and on to the 172.28.0.82 server on their end.
> Then their replies need to come back across the tunnel and be converted back from the 172.17.87.0/24 network to my 192.168.10.0/24 network.
>
> I have the tunnel up and functional.
> My issue is how to configure Shorewall to do the 1 to 1 translation and pass on to the tunnel.
>
> Does anyone have an example of this that I could follow?
>
> --
> Rich Goodwin
> Elmen Enterprises/Appliance & Furniture RentAll/KTTW
> 2901 W 11th Street
> Sioux Falls, SD 57104
>
> Voice: (605) 338-1800 x220
> Fax: (605) 275-8361
> E-mail: rgood...@rentall-inc.com
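
The fix described in the reply (WAN interface plus a NET3 column) can be illustrated with a small model of netmap matching. This is an added example, not configuration or code posted in the thread: the two netmap lines are constructed from the addresses in the question, `eth0` as the WAN interface name is an assumption, and the column meanings follow the shorewall-netmap documentation (NET3 is the destination network for SNAT and the source network for DNAT).

```python
import ipaddress as ip

# Constructed entries in shorewall-netmap column order:
# TYPE  NET1  INTERFACE  NET2  NET3   ("eth0" = WAN interface, an assumption)
NETMAP = """\
SNAT 192.168.10.0/24 eth0 172.17.87.0/24  172.28.0.80/29
DNAT 172.17.87.0/24  eth0 192.168.10.0/24 172.28.0.80/29
"""

def parse(text):
    """Parse netmap-style lines into (type, net1, iface, net2, net3) tuples."""
    rules = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue
        kind, iface = cols[0], cols[2]
        net1, net2 = ip.ip_network(cols[1]), ip.ip_network(cols[3])
        net3 = ip.ip_network(cols[4]) if len(cols) > 4 and cols[4] != "-" else None
        if net1.prefixlen != net2.prefixlen:
            # This model only handles equal-size networks (strict 1:1 mapping).
            raise ValueError("NET1 and NET2 must have the same prefix length")
        rules.append((kind, net1, iface, net2, net3))
    return rules

def remap(addr, src_net, dst_net):
    """Replace the network bits and keep the host bits (1:1 mapping)."""
    host = int(addr) & int(src_net.hostmask)
    return ip.ip_address(int(dst_net.network_address) | host)

def translate(rules, direction, iface, src, dst):
    """direction 'out': leaving via iface (SNAT); 'in': arriving on iface (DNAT)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for kind, net1, r_iface, net2, net3 in rules:
        if r_iface != iface:
            continue  # a rule bound to the wrong interface never matches
        if kind == "SNAT" and direction == "out" and src in net1:
            if net3 is None or dst in net3:   # NET3 limits SNAT by destination
                return str(remap(src, net1, net2)), str(dst)
        if kind == "DNAT" and direction == "in" and dst in net1:
            if net3 is None or src in net3:   # NET3 limits DNAT by source
                return str(src), str(remap(dst, net1, net2))
    return str(src), str(dst)  # no rule matched: addresses unchanged

RULES = parse(NETMAP)
```

With NET3 set, only traffic to or from 172.28.0.80/29 is remapped; other traffic leaving the same interface keeps its 192.168.10.0/24 source address.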