03-28-2012, 01:18 PM
lestoilfante

vpn ipsec + port forwarding

Dear all,
I would like to ask if someone could point me to a solution for a
problem that has been fooling me for some days.
This is my situation:

--- NET 192.168.1.0/24 ---/MULTIPLE HOST
                  |
         _________|_________
        | LAN 192.168.1.1   |
        | --- VPN GW ----   |
        | WAN 192.168.100.7 |
        |___________________|
                  |
                  |
                  |
 ___________________________________
| ETH1 192.168.100.2                |
| --- SERVER ---                    |
| ETH0 10.0.0.1 + TAP0 192.168.2.38 |
|___________________________________|
                  |
                  |
             ____________
            | 10.0.0.2   |
            | --- PC --- |
            |____________|

On the SERVER side I have a port forwarding on tcp 80 to 10.0.0.2, so from
eth1 I can reach PC on 192.168.100.2:80 and this is working fine.
As a new upgrade to my server I added a VPN connection from SERVER to
NET 192.168.1.0 behind VPN GW; this is also working fine, and hosts on
the 192.168.1.0 net can reach SERVER on 192.168.2.38 and vice versa. The
problem is that port forwarding is not working over the VPN, so if I try to
reach PC from 192.168.1.x via 192.168.2.38:80 it fails.

The VPN client used on SERVER is ShrewSoft; it brings up the tap0 interface
when the VPN is established. However, tcpdump shows packets flowing only on
eth1 (type ESP).

This is my iptables, really stripped down:

# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*mangle
:PREROUTING ACCEPT [2107490:2462265619]
:INPUT ACCEPT [2006646:2354121292]
:FORWARD ACCEPT [100696:108135052]
:OUTPUT ACCEPT [1234102:150431085]
:POSTROUTING ACCEPT [1334795:258565885]
COMMIT
# Completed on Wed Mar 28 15:17:11 2012
# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*nat
:PREROUTING ACCEPT [8148:633084]
:POSTROUTING ACCEPT [798:50506]
:OUTPUT ACCEPT [759:47902]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.254.254.2:80
COMMIT
# Completed on Wed Mar 28 15:17:11 2012
# Generated by iptables-save v1.4.8 on Wed Mar 28 15:17:11 2012
*filter
:INPUT ACCEPT [2006634:2354120173]
:FORWARD ACCEPT [100696:108135052]
:OUTPUT ACCEPT [1234099:150430833]
COMMIT
# Completed on Wed Mar 28 15:17:11 2012


Any help will be much appreciated.

Thank you
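
As an added example (not part of the original post), the nat table from the dump above can be checked mechanically: the script parses the iptables-save text, extracts each DNAT rule, and reports whether its target lies on a directly connected network and whether the rule is limited to an interface or destination address. The /24 netmasks and the names `dnat_rules`, `audit` and `LOCAL_NETS` are assumptions; the post gives host addresses only.

```python
import ipaddress
import shlex

# Constructed sample: the *nat section copied from the dump in the post.
NAT_DUMP = """\
*nat
:PREROUTING ACCEPT [8148:633084]
:POSTROUTING ACCEPT [798:50506]
:OUTPUT ACCEPT [759:47902]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.254.254.2:80
COMMIT
"""

# Assumption: /24 masks. The diagram shows only the host addresses of
# eth0 (10.0.0.1), eth1 (192.168.100.2) and tap0 (192.168.2.38).
LOCAL_NETS = {"eth0": "10.0.0.0/24", "eth1": "192.168.100.0/24",
              "tap0": "192.168.2.0/24"}

def dnat_rules(dump):
    """Yield one dict per DNAT rule found in the nat table of the dump."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # "*nat" -> "nat"
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            # Option/value pairs; "!" negation is not handled in this sketch.
            opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                    if tok[i].startswith("-")}
            if opts.get("-j") == "DNAT":
                yield {"chain": opts["-A"], "in_iface": opts.get("-i"),
                       "dst": opts.get("-d"), "dport": opts.get("--dport"),
                       "target": opts["--to-destination"]}

def audit(dump, local_nets=LOCAL_NETS):
    """Return human-readable findings for every DNAT rule in the dump."""
    nets = [ipaddress.ip_network(cidr) for cidr in local_nets.values()]
    findings = []
    for rule in dnat_rules(dump):
        # Strip ":port" and any "-end" of an address range before parsing.
        host = ipaddress.ip_address(rule["target"].split(":")[0].split("-")[0])
        if not any(host in net for net in nets):
            findings.append(f"{rule['target']}: target is not on a directly "
                            "connected network listed in LOCAL_NETS")
        if rule["in_iface"] is None and rule["dst"] is None:
            findings.append(f"dport {rule['dport']}: no -i or -d match, so the "
                            "rule rewrites this port on every interface")
    return findings
```

Calling `audit(NAT_DUMP)` returns the findings as a list of strings; an empty list means every DNAT rule points at a listed network and is scoped by interface or destination.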

