[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shrew-vpn-help
Subject:    [vpn-help] Give access to more than one machine?
From:       listaddr () gmail ! com (Marco)
Date:       2011-09-14 10:25:30
Message-ID: CAHPDOiHEGgccomcRcBP2CRee-R906oK2oMF5D87GCd5MWu_0gw () mail ! gmail ! com
[Download RAW message or body]

2011/9/14 Kevin VPN <kvpn at live.com>:

> Ok, it does seem that the tunnel is working and that it is the NAT/SPI that
> is not working. ?The response packet from the remote LAN does pop out of the
> tunnel, addressed to the Shrew client host. ?At this point the NAT should be
> undone and the response packet sent on its way to 10.0.4.18.

Yes, that's my understanding of how it should work.

> Unfortunately, we're reaching the end of my usefulness. ?I've never played
> with iptables and NAT, so I'm only guessing now where to go on debugging
> this.

Well, thank you anyway for your time.

> I'm wondering if part of the problem is this business where the packet
> coming in is NATted to the Shrew virtual adapter IP. ?Maybe you could try
> using PREROUTING and have it NATted to the Shrew box's LAN IP instead of the
> Shrew IP.

Ah, that's an interesting suggestion. I'll play with it and let you know.
Thanks again!


[prev in list] [next in list] [prev in thread] [next in thread]