Reply To: VPN LAN-to-LAN and IP Masquerading

Home Page Forums Network Management ZeroShell VPN LAN-to-LAN and IP Masquerading Reply To: VPN LAN-to-LAN and IP Masquerading

#53719

redfive
Participant

Ok , I wrote about remove the nat just for keep the L3 transparency across the vpn link, anyway… assuming that your internal servers are on the same broadcast domain of your internal lan (the 10.0.0.0/24 network, and not on a dedicated DMZ), try this..remove the ETH00 from NAT enabled interfaces, and in SYSTEM,Setup, Scripts/Cron, Nat and Virtual Servers, add this line and then enable the script

iptables -t nat -I POSTROUTING -o ETH00 -s 10.0.0.0/24 -d 10.0.0.0/24 -j MASQUERADE

This will do NAT only for packets coming from the lan and destinated to the lan as well (when you try to reach one of your server via FQDN from a pc which is in the same lan)…..
If it will work ( and it should) then you can play with a ‘fine tuning’ of your rules…
Regards