[vpn-help] Give access to more than one machine?

Marco listaddr at gmail.com
Wed Sep 14 05:25:30 CDT 2011


2011/9/14 Kevin VPN <kvpn at live.com>:

> Ok, it does seem that the tunnel is working and that it is the NAT/SPI that
> is not working.  The response packet from the remote LAN does pop out of the
> tunnel, addressed to the Shrew client host.  At this point the NAT should be
> undone and the response packet sent on its way to 10.0.4.18.

Yes, that's my understanding of how it should work.

> Unfortunately, we're reaching the end of my usefulness.  I've never played
> with iptables and NAT, so I'm only guessing now where to go on debugging
> this.

Well, thank you anyway for your time.

> I'm wondering if part of the problem is this business where the packet
> coming in is NATted to the Shrew virtual adapter IP.  Maybe you could try
> using PREROUTING and have it NATted to the Shrew box's LAN IP instead of the
> Shrew IP.

Ah, that's an interesting suggestion. I'll play with it and let you know.
Thanks again!



More information about the vpn-help mailing list