On SERVER side I have a port forwarding on tcp 80 to 10.0.0.2, so from
eth1 I can reach PC on 192.168.100.2:80 and this is working fine.
As a new upgrade to my server I added a vpn connection from SERVER to
NET 192.168.1.0 behind VPN GW, this also is working fine and host on
192.168.1.0 net can reach SERVER on 192.168.2.38 and vice versa. The
problem is that port forwarding is not working on vpn, so if I try to
reach PC from 192.168.1.x to 192.168.2.38:80 it fail.
The vpn client used on SERVER is ShrewSoft, he bring up tap0 interface
when vpn is established, anyway tcpdump show packet flowing only on
eth1 (type ESP).
This is my iptables, really stripped down:
# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*mangle
:PREROUTING ACCEPT [2107490:2462265619]
:INPUT ACCEPT [2006646:2354121292]
:FORWARD ACCEPT [100696:108135052]
:OUTPUT ACCEPT [1234102:150431085]
:POSTROUTING ACCEPT [1334795:258565885]
COMMIT
# Completed on Wed Mar 28 15:17:11 2012
# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*nat
:PREROUTING ACCEPT [8148:633084]
:POSTROUTING ACCEPT [798:50506]
:OUTPUT ACCEPT [759:47902]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.254.254.2:80
COMMIT
# Completed on Wed Mar 28 15:17:11 2012
# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*filter
:INPUT ACCEPT [2006634:2354120173]
:FORWARD ACCEPT [100696:108135052]
:OUTPUT ACCEPT [1234099:150430833]
COMMIT
# Completed on Wed Mar 28 15:17:11 2012
Any help will be very appreciated
Thank you
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAMRjn=Ox1Rzq8fEnvCMs=_=-k_pdbcG4Mzz2JtetQTUxfLNhyQ@mail.gmail.com">http://lists.debian.org/CAMRjn=Ox1Rzq8fEnvCMs=_=-k_pdbcG4Mzz2JtetQTUxfLNhyQ@mail.gmail.com
vpn ipsec + port forwarding
