Hi.
I have 2 networks:
Home: 192.168.1.0/24 with ipcop at 192.168.1.2 and a ppp dialout to work
on a machine at 192.168.1.3
Work: 192.168.168.0/24 with wan router at 192.168.168.254 and ppp dialin
box at 192.168.168.31. dialin ppp gets 192.168.168.30
The ppp dialin box is an ancient redhat affair, which is set to masq the
network on the other side of the link - it works, any box on the work
network can ping any box on the home network once it has a route to .31
All work boxes have a default gw of the wan router.
All home boxes have a default gw of the ipcop box.
I started trying to get a simple masq'd connection from home to work
over the ppp link, but I cannot for the life of me get it to play. The
fact that the work -> home interface works tells me that routing is
pretty much ok, but I keep hitting dead ends on the home --> work setup.
When I look at the log after trying to ssh from home to work, I see
this:
Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=192.168.1.211
DST=192.168.168.91 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=12777 DF
PROTO=TCP SPT=35786 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Any help as to why eth0 is being selected for both in and out?
In the setup instructions on the website there is a comment that the
default gateway must be set to the outgoing interface, but this will
break the rest of the home network (the shorewall box does mail and
various other activities via ipcop, I cannot manually set routes for
them, but I can set routes for the networks on the other side of the ppp
link)
I know that I am trying to connect two rfc1918 networks together, and it
seems logical to use SNAT for this if I can get it working so that I
don't have to modify heaps of routing entries on all the work hosts.
Connecting to those hosts is fine from the shorewall box, it's the
machines on the home network that are having trouble.
Any help appreciated. Maybe there is a simpler solution than shorewall?
Am I using a hammer to crack a nut?
Regards,
Michael
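
An added example, not part of the original post: it parses the log line quoted above and shows that the OUT= interface of a forwarded packet is simply the result of a longest-prefix route lookup on DST. The two routing tables and the interface name "ppp0" are constructed assumptions for illustration, not the poster's actual configuration.

```python
import ipaddress

# Log line from the post, rejoined onto one line.
LOG = ("Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=192.168.1.211 "
       "DST=192.168.168.91 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=12777 DF "
       "PROTO=TCP SPT=35786 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0")

# Constructed routing tables (assumptions, not the poster's real tables).
# "ppp0" is an assumed name for the dial-out interface.
TABLE_DEFAULT_ONLY = [("192.168.1.0/24", "eth0"), ("0.0.0.0/0", "eth0")]
TABLE_WITH_PPP = TABLE_DEFAULT_ONLY + [("192.168.168.0/24", "ppp0")]


def parse_netfilter_log(line):
    """Split a netfilter log line into its prefix, KEY=VALUE fields and bare flags."""
    prefix, sep, rest = line.partition("IN=")
    if not sep:
        raise ValueError("not a netfilter packet log line")
    fields, flags = {}, []
    for token in ("IN=" + rest).split():
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value      # e.g. SRC, DST, DPT
        else:
            flags.append(key)        # bare flags such as DF, SYN
    return {"prefix": prefix.strip(": ").split(":"),
            "fields": fields, "flags": flags}


def same_interface_forward(entry):
    """True when a forwarded packet would leave on the interface it arrived on."""
    f = entry["fields"]
    return bool(f.get("IN")) and f.get("IN") == f.get("OUT")


def route_lookup(dst, table):
    """Return the device of the most specific route in `table` that covers dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(net), dev) for net, dev in table]
    matches = [(net, dev) for net, dev in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


if __name__ == "__main__":
    entry = parse_netfilter_log(LOG)
    dst = entry["fields"]["DST"]
    print(entry["prefix"], "same-interface:", same_interface_forward(entry))
    print("default route only ->", route_lookup(dst, TABLE_DEFAULT_ONLY))
    print("with /24 via ppp0  ->", route_lookup(dst, TABLE_WITH_PPP))
```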