I THINK this is a DNAT issue, but I'm not certain, since I haven't messed with
dual-interface setups and DNAT in years.
I could very well have something else misconfigured somewhere. :)
Long story short, I'm trying to use a VPS as a tunnel to my LAN, since my ISP
keeps breaking bridge mode (and it has currently been broken for about a month...).
So basically, right now I have:
Internet -> VPS -> LAN (via WireGuard tunnel)
I can ping and SSH from the VPS to various machines on the LAN, as well as from
the LAN to the VPS, so the routing and basic rules there all seem to be good.
However, when I add a DNAT rule, it does not appear to actually hit the
destination (or something is not establishing).
I'm testing with my OpenVPN client (maybe a bad idea?), since that should be
fairly straightforward...
Zones:
#ZONE   TYPE       OPTIONS   IN OPTIONS   OUT OPTIONS
fw      firewall
net     ipv4
vpn     ipv4

Interfaces:
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0
vpn     wg0         routeback

Policy:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    ACCEPT
vpn       all    ACCEPT
$FW       vpn    ACCEPT
net       all    DROP     info
# THE FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info

DNAT rule from rules:
#ACTION   SOURCE   DEST                PROTO   DPORT
# OpenVPN: forward UDP/1194 arriving on the net zone to the home server via wg0
DNAT      net      vpn:192.168.100.6   udp     1194
WireGuard subnet:   192.168.10.0/24
Home server subnet: 192.168.100.0/24
Output of `shorewall show nat`:
Chain net_dnat (1 references)
 pkts  bytes  target  prot  opt  in  out  source     destination
    4    328  DNAT    udp   --   *   *    0.0.0.0/0  0.0.0.0/0    udp dpt:1194 to:192.168.100.6
The VPN client on my phone just gives the standard "failed to complete handshake
in 60 seconds" error.
Any thoughts/suggestions?
Thanks!
---
Mark D Montgomery II
https://www.techiem2.net (Personal Site)
https://shop.techiem2.tv (Photo Portfolio/Shop)
https://pillar.io/techiem2 (Social links, etc.)
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
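The DNAT counters above only prove that the VPS rewrote the destination of the inbound packets; they say nothing about whether 192.168.100.6 ever answered back through wg0. The quickest way to tell the two apart on the VPS is the connection-tracking table: a flow whose original-direction destination differs from its reply-direction source is a DNAT'd flow, and if it is still marked [UNREPLIED] the packet went out over the tunnel but nothing came back. The script below, added here as an illustration and not part of the original post or of Shorewall, parses `conntrack -L` style output and reports exactly those flows. The sample lines are constructed for the example (198.51.100.5 stands in for the VPS public address, 203.0.113.x for VPN clients); the only assumption about the host is that conntrack-tools is installed.

```shell
#!/bin/sh
# Added diagnostic: list DNAT'd flows that have never seen a reply packet.
# Not from the original post. Assumes conntrack-tools on the VPS.
# Usage on a live box:  conntrack -L 2>/dev/null | unreplied_dnat_flows 1194

# Read conntrack -L lines on stdin; print one line per flow to $1 (the
# destination port the DNAT rule matches) that was DNAT'd and is [UNREPLIED].
# A conntrack entry carries two tuples: original direction, then reply
# direction. DNAT is visible as original dst != reply src.
unreplied_dnat_flows() {
  dport="$1"
  awk -v dport="$dport" '
    $1 == "udp" || $1 == "tcp" {
      n = 0
      split("", src); split("", dst); split("", dp)   # clear per record (POSIX awk)
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }   # start of a tuple
        if ($i ~ /^dst=/)   { dst[n] = substr($i, 5) }
        if ($i ~ /^dport=/) { dp[n]  = substr($i, 7) }
      }
      if (n == 2 && dp[1] == dport && dst[1] != src[2] && $0 ~ /\[UNREPLIED\]/) {
        printf "%s -> %s (DNAT to %s) has no reply\n", src[1], dst[1], src[2]
      }
    }'
}

# Constructed sample output, in conntrack -L format, for offline use.
# Line 1: a DNAT'd OpenVPN flow with no reply (the symptom in the post).
# Line 2: ordinary DNS to the VPS itself, answered.
# Line 3: an SSH session over the tunnel, established.
# Line 4: a DNAT'd OpenVPN flow that did get replies, i.e. a working client.
sample_conntrack() {
  cat <<'EOF'
udp      17 29 src=203.0.113.10 dst=198.51.100.5 sport=51820 dport=1194 [UNREPLIED] src=192.168.100.6 dst=203.0.113.10 sport=1194 dport=51820 mark=0 use=1
udp      17 170 src=203.0.113.10 dst=198.51.100.5 sport=40001 dport=53 src=198.51.100.5 dst=203.0.113.10 sport=53 dport=40001 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.2 dst=198.51.100.5 sport=44712 dport=22 src=198.51.100.5 dst=192.168.10.2 sport=22 dport=44712 [ASSURED] mark=0 use=1
udp      17 25 src=203.0.113.44 dst=198.51.100.5 sport=60000 dport=1194 src=192.168.100.6 dst=203.0.113.44 sport=1194 dport=60000 [ASSURED] mark=0 use=1
EOF
}

# Run against the constructed sample when executed directly.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
  sample_conntrack | unreplied_dnat_flows 1194
fi
```

If the live output shows the DNAT'd entry stuck in [UNREPLIED] while `tcpdump -ni wg0 udp port 1194` on the VPS shows the packets leaving but nothing returning, the problem is the return path rather than the DNAT rule: 192.168.100.6 receives a packet whose source is the client's public address and, unless it has a route for that address back over the tunnel, answers via its normal default gateway instead of wg0, so the VPS never sees the reply. The usual remedies are to route the relevant traffic on the home side back through the WireGuard peer or to have the VPS SNAT/MASQUERADE the forwarded packets to its own wg0 address (a MASQUERADE entry for wg0 in the Shorewall snat file), so that replies are addressed to the VPS and come back over the tunnel.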