Hey All, I've got an interesting setup, and so you know the idea behind it: I have two networks, work and home. I want to be able to access my home network's newsgroups, but they are blocked so as to be usable only by IPs that are from the ISP. So I've set up my home OpenVPN to accept connections, and my work firewall, which is masquerading for the work computers, I have set up to VPN into the home network. This works perfectly; I can ping back and forth.

My next step was to route the IP address for news.east.cox.net through the VPN. This also works like a charm; I've tested it with tcpdump -i br0 -t icmp and I can see the packets coming through. However, the initial problem I had was that the packets then went out of eth0 to the internet but never returned. I solved this problem by adding the following line to my HOME network's masq file:

eth0 eth1 -- Old, allows masquerading for internal computers
eth0 br0

After I added the 2nd line my work firewall machine could ping directly to news.east.cox.net.

Now the next step was to see if the internal work computers could ping news.east.cox.net and have it go through the VPN. I encountered the same problem I did with the firewall: the packets would go through the VPN and out eth0 but never return. I'm assuming that the solution is another line in my masq file to allow the work computers' internal network to be forwarded through it. I've tried a few things but nothing seems to work:

eth0 192.168.2.0/24
eth0 192.168.2.30

I should say that my work's internal computer network is on the 192.168.2.0 subnet and my home network is 192.168.1.0. Please let me know if I've missed an obvious line that will allow this to work. I've included my firewall info for the home network and the shorewall status in an attachment. Thanks
J P wrote:
> Please let me know if I've missed an obvious line that will allow this to
> work. I've included my firewall info for the home network and the shorewall
> status in an attachment.

You are going about configuring a bridge in Shorewall all wrong. As I recall, you don't have Netfilter/Bridge support in your kernel, so you want to proceed as described at http://www1.shorewall.net/SimpleBridge.html. That article describes bridging two NICs, but bridging a NIC and a tap device works exactly the same. Neither the NIC nor the tap device is assigned an IP address, and consequently neither should be described to Shorewall. What you want is basically the setup in the two-interface QuickStart Guide (http://www.shorewall.net/two-interface.htm) with br0 as the local interface and 'routeback' specified in its options.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
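The setup Tom describes, written out as an added example (it is not part of the thread and not Shorewall's or OpenVPN's own code): the home LAN NIC and the OpenVPN tap device are enslaved to br0 with no addresses of their own, and only eth0 and br0 are described to Shorewall, with br0 carrying 'routeback'. Names and values that the thread does not give are assumptions: the LAN NIC is eth1, OpenVPN runs with "dev tap0", br0 holds 192.168.1.1/24, and the files use the Shorewall 3.x column layout (ZONE/INTERFACE/BROADCAST/OPTIONS in interfaces, ZONE/TYPE in zones).

```shell
#!/bin/sh
# Added example, not code from the thread. Home-side bridge of the LAN NIC and
# the OpenVPN tap device, plus the Shorewall files Tom's reply implies.
# Assumed (not stated in the thread): LAN NIC eth1, tap device tap0,
# br0 = 192.168.1.1/24, work LAN 192.168.2.0/24, Shorewall 3.x file layout.
set -eu

# Build the bridge. Members get no IP address; only br0 does. OpenVPN is
# started with "dev tap0", so the work firewall's frames land on br0 and are
# switched onto the home LAN segment like any other bridge port.
make_bridge() {
    brctl addbr br0
    brctl addif br0 eth1
    brctl addif br0 tap0
    ip addr flush dev eth1
    ip addr flush dev tap0
    ip link set eth1 up
    ip link set tap0 up
    ip addr add 192.168.1.1/24 dev br0
    ip link set br0 up
}

# Write the Shorewall configuration into $1 (defaults to /etc/shorewall).
write_shorewall_config() {
    dir=${1:-/etc/shorewall}
    mkdir -p "$dir"

    # Only interfaces that carry an IP address are listed: eth0 and br0.
    # eth1 and tap0 are bridge members and must NOT appear here.
    # routeback allows traffic that enters br0 to leave through br0 again
    # (work host -> tap0 -> br0 -> eth1 -> home host).
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,routefilter,nosmurfs
loc     br0         detect      routeback
EOF

    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # Masquerade both subnets behind eth0. Naming br0 alone in SOURCE only
    # covers the networks the routing table associates with br0, so the work
    # subnet arriving over the tap is listed explicitly.
    cat > "$dir/masq" <<'EOF'
#INTERFACE   SOURCE            ADDRESS
eth0         192.168.1.0/24
eth0         192.168.2.0/24
EOF
}
```

Run make_bridge as root before starting Shorewall so br0 exists when the interfaces file is read; the work-side firewall still needs its own route sending news.east.cox.net over the tunnel, as in the original post.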
J P wrote:
> I should say that my work's internal computer network is on the 192.168.2.0
> subnet and my home network is 192.168.1.0.

Also, if you are bridging these two, why are they on different networks? The whole point of configuring a layer-two bridge is to put all of the systems involved in the same broadcast domain. If that isn't a requirement, then configuring the VPN as a tunnel rather than a bridge is more appropriate.

-Tom