On Tue, 2003-09-23 at 14:26, James Sturdevant wrote:
> I have an internal network behind Shorewall with VPN
> access for a user. There is a SQL Server that we have
> access to at another location on the Internet. Only
> our gateway IP is allowed in on a specific port.
>
> The user on the VPN needs access to this server. What
> I want to do is have the user connect to our shorewall
> machine through the VPN and get redirected to the SQL
> Server. (I know this isn't the best solution, but I
> need this done ASAP and will be developing a better
> solution later. [I hope])
>
> Can this be done with Shorewall? I have tried the
> rule:
>
> DNAT vpn net:ip tcp <in-port>
>
> but that did not work.
>
I would:
a) Have the user add a route through the VPN to the SQL server's IP.
b) Masquerade (SNAT) traffic from the vpn to the net.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
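
The two steps suggested above could look like this in the Shorewall configuration files. This is an added example, not part of the original message. The interface name eth0, the VPN subnet 10.8.0.0/24 and the server address 192.0.2.10 are constructed placeholders, and <in-port> is the placeholder used in the question.

```conf
# --- On the VPN client (step a) ---
# Add a host route for the SQL server (192.0.2.10, placeholder) that
# points into the VPN tunnel, so the connection goes to the server's
# real address via the Shorewall box. The exact command depends on
# the client's operating system and VPN software.

# --- /etc/shorewall/masq (step b) ---
# Rewrite the source address of traffic from the VPN subnet that
# leaves through the Internet-facing interface, so the remote server
# sees the gateway's IP (the only address it allows in).
# eth0 and 10.8.0.0/24 are assumptions; use your own net interface
# and VPN address range.
#INTERFACE      SUBNET
eth0            10.8.0.0/24

# --- /etc/shorewall/rules ---
# Needed only if the vpn->net policy does not already ACCEPT.
# Restricting the rule to the one server and port keeps the VPN
# user from using the gateway to reach anything else on the net.
#ACTION   SOURCE   DEST             PROTO   DEST PORT(S)
ACCEPT    vpn      net:192.0.2.10   tcp     <in-port>
```

After editing the files, `shorewall check` validates the configuration and `shorewall restart` applies it.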