Hi, I have an openvpn interface tun1 which provides me a fixed IP from
the outside. I'm planning to forward certain ports and protocols to
certain VMs in the local LAN.
setup:
=====
test machine outside my LAN: x.x.x.18
router in my LAN: 192.168.2.1
Shorewall machine in my LAN:
  tun1 x.x.x.245
  eth0 192.168.0.1
  eth1 192.168.2.151 with gw 192.168.2.1
VM in my LAN:
  eth0 192.168.0.11 with gw 192.168.0.1
rules file on the shorewall machine:
DNAT net loc:192.168.0.11 icmp - - x.x.x.245
What I intend to get working: ping from outside to x.x.x.245 and the ping
gets forwarded to loc:192.168.0.11. Then 192.168.0.11 should send the
icmp reply back to the outside machine.
What IS working:
===============
ping from outside to x.x.x.245, icmp gets forwarded to 192.168.0.11 and
192.168.0.11 DOES reply.
... as shown by tcpdump:
x.x.x.18 > 192.168.0.11: ICMP echo request, id 53086, seq 657,
length 64
02:14:58.029859 00:xx:xx:xx:b1:f9 > 00:xx:xx:xx:8d:f4, ethertype IPv4
(0x0800), length 98: (tos 0x0, ttl 64, id 46258, offset 0, flags [none],
proto ICMP (1), length 84)
192.168.0.11 > x.x.x.18: ICMP echo reply, id 53086, seq 657, length 64
02:14:59.029082 00:xx:xx:xx:8d:f4 > 00:xx:xx:xx:b1:f9, ethertype IPv4
(0x0800), length 98: (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto
ICMP (1), length 84)
i.e. the ICMP echo reply arrives back on the interface eth0.
What is NOT working:
===================
The ICMP echo reply won't get forwarded to x.x.x.18 over tun1.
What do I have to do in order to make that work?
I'm having the same problem with a port forward:
nc -l 6999 ....... on one side
echo "hello" | nc x.x.x.245 6999 ........ on the other side
with a rules file entry
DNAT net loc:192.168.0.11:6999 tcp 6999 - x.x.x.245
Same question here. I see the reply on the interface eth0, but I see no
forward of the reply to tun1.
Thanks in advance
Regards
Michael