Hello,

I'm trying to DNAT openvpn connections. I would like any request for http traffic coming in on the vpn interface to be redirected to the local lan 192.168.1.15 port 8002.

I set up this rule:

DNAT vpn loc:192.168.1.15:8002 tcp 80

but find it doesn't work. What am I missing? The vpn interface can access the loc network.

TIA

ALParada wrote:
> Hello,
>
> I'm trying to DNAT openvpn connections. I would like any request for http
> traffic coming in on the vpn interface to be redirected to the local lan
> 192.168.1.15 port 8002.
>
> I set up this rule:
>
> DNAT vpn loc:192.168.1.15:8002 tcp 80
>
> but find it doesn't work. What am I missing? The vpn interface can access
> the loc network.

What are you trying to do with this rule?
How are you testing it?
What is the setting of DETECT_DNAT_IPADDRS in shorewall.conf?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Tom Eastep wrote:
> ALParada wrote:
>
>> Hello,
>>
>> I'm trying to DNAT openvpn connections. I would like any request for http
>> traffic coming in on the vpn interface to be redirected to the local lan
>> 192.168.1.15 port 8002.
>>
>> I set up this rule:
>>
>> DNAT vpn loc:192.168.1.15:8002 tcp 80
>>
>> but find it doesn't work. What am I missing? The vpn interface can access
>> the loc network.
>
> What are you trying to do with this rule?
> How are you testing it?
> What is the setting of DETECT_DNAT_IPADDRS in shorewall.conf?

Also, have you followed the DNAT debugging suggestions in Shorewall FAQs 1a and 1b?

-Tom

> Tom Eastep wrote:
> > What are you trying to do with this rule?

All http connection requests coming in through the vpn interface to be redirected to a proxy server at loc:192.168.1.15:8002.
I can connect using the vpn client. I have access to loc: which includes the proxy server.

> > How are you testing it?

From another location using the vpn client. Totally outside the network.

> > What is the setting of DETECT_DNAT_IPADDRS in shorewall.conf?

=No

> Also, have you followed the DNAT debugging suggestions in Shorewall FAQs
> 1a and 1b?

Yes I have. 1a doesn't apply, and 1b the packet count is 0.

Thanks.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Friday, May 21, 2004 12:55 PM
Subject: Re: [Shorewall-users] DNAT and VPN

ALParada wrote:
>> Tom Eastep wrote:
>>
>>> What are you trying to do with this rule?
>
> All http connection request coming in through the vpn interface to be
> redirected to a proxy server at loc:192.168.1.15:8002.
> I can connect using the vpn client. I have access to loc: which includes the
> proxy server.

You cannot do transparent proxying using DNAT this way. See http://shorewall.net/Shorewall_Squid_Usage.html

-Tom