Re: [Shorewall-users] IPSEC & masq

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 2/13/2015 4:15 PM, Raimonds Cicans wrote:
> On 14.02.2015 00:10, Tom Eastep wrote:

>>
>> As far as Netfilter is concerned, the traffic is not zdmz->zvpn but
>> zvpn->zinet. So, in addition to the masq entry, you need a rule:
>>
>> ACCEPT	net:remote_internal_lan	zdmz
>>
> 
> Little fix - it should be other way around:
> ACCEPT    zdmz    zinet:remote_internal_lan
> 

Yep. And if you need to be able to establish connections in both
directions, then you will need both rules.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________