Re: [Shorewall-users] Unable to setup DNAT via VPN

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 2/12/2015 8:28 PM, Tom Eastep wrote:
> On 2/12/2015 5:21 PM, Matthias F. Brandstetter wrote:
>> Hello, I am running Shorewall 4.5.5.3 on a Debian machine.
>>
>> I have a firewall (10.8.0.1) connected to an internal server (10.8.0.2)
>> via OpenVPN. On the firewall the VPN interface is called |tun0|. So in
>> my shorewall configuration I have this:
>>
>> |$ cat interfaces
>> #ZONE   INTERFACE   OPTIONS
>> -       lo          ignore
>> vpn     tun+        optional
>> net     eth+        dhcp,physical=+,routeback,optional
>>

I do notice that you apparently started with the Universal
configuration, where you now have a two-interface one. So it would be
good to remove the 'physical=+' from the OPTIONS list.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________