Glad you're back.
I found that I can specify the remote vpn IP with a /32 netmask in the
second column of the masq file. This seems to accomplish the same
thing.
I have another question though.
The roadwarrior's IP address is not known at the time shorewall starts
in the home network. So I find that the only way to masquerade the
roadwarrior is by using ssh to connect to the home network and
restarting shorewall after typing the roadwarrior IP address/32 in the
masq file. Is there a way to make this seamless? That is, the
roadwarrior automatically gets masqueraded upon connection to the home
network?
Thanks.
On Sun, 2003-09-14 at 19:52, Tom Eastep wrote:
> On Tue, 2 Sep 2003, cmisip wrote:
>
> > I have cable internet service and when I try to masquerade a vpn from a
> > remote dialup host, shorewall tells me that it is masquerading the
> > remote host and the cable subnet to which my home network is connected.
> > So for example, If my IP is 12.23.45.67 and the remote vpn host is
> > 22.22.33.33. Then if I add an entry to /etc/shorewall/masq:
> >
> > eth0 ipsec1
> >
> > Then, the vpn host gains an internet connection but shorewall tells me
> > that it is masquerading both:
> >
> > 22.22.33.33/32
> > 12.23.45.0/24
> >
>
> Shorewall uses the routing table to decide what to masquerade when you put
> a device name in the second column -- if you don't like that then specify
> a subnet address in that column.
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net