 
 From:  "a.gatta" <a dot gatta at tiscali dot it>
 To:  Peter Allgeyer <allgeyer at web dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Openvpn, problem with Inbound Nat on Opt interface
 Date:  Fri, 24 Mar 2006 09:07:09 +0100
Peter Allgeyer wrote:

>On Thursday, 23.03.2006, at 19:11 +0100, a.gatta wrote:
>
>  
>
>>It seems that m0n0 is not doing nat on Opt 1 for inbound connections 
>>and, worst of all, it seems that any connection in the outbound 
>>direction is dropped by the cleanup rule ( any any drop ).
>>    
>>
>I can't see any firewall rules for opt1. Please be sure to add an
>incoming rule to 192.168.30.3 from "local lan" on opt1.
>  
>
>>Attached you will find the xml config file and the output from 
>>"status.php" (file: monoinfo.txt)
>>    
>>
>Are there any good reasons for choosing tcp as tunneling protocol? Udp
>is much better in case of openvpn. Second: Any good reason for
>doing NAT?
>
>BR,
>  PIT
>
Hi Pit,
the only reason for me to choose tcp is that the openvpn server is not 
under my administration, that is, the server listens on a tcp port.

Nat (outbound, hiding my Lan segment behind the opt 1 address) is the only 
way I can reach networks behind the openvpn servers.

I am trying to manage connections initiated from the network behind the 
openvpn server to my Lan segment (with inbound nat, i.e. to reach a Lan 
host on the ssh service).

For this kind of connection, inbound nat redirects connections to the opt 
1 address on port 22 to the same port but of an internal host.

Hope this is clear.

Cheers