I've seen this topic come up from time to time, thought I would give it a shot since those topics appear to never get any response.
Basically, I have two sites, each with it's own static IP address. I have an IPsec tunnel setup between the two sites and everything works fine when it comes to accessing the internal network of either site.
The setup is as follows: Site 1 WAN 12.53.x.x LAN 172.18.16.x / 24
Site 2 WAN 75.95.x.x LAN 192.168.0.x / 24
All machines on Site 1 can access all machines on Site 2 and vice-versa.
Now, what I want to do is NAT a port from Site 1 to a machine on Site 2 through the IPsec Tunnel. Yes, before you say it, wouldn't it be easier just to go directly through Site 2, but this is a situation I often see posted here without any answers and now I'm in a similar situation of strict security for a site setup.
So basically, I wanted to NAT port 80 from Site 1 to a machine at Site 2, say 192.168.0.100 for example. When I setup a NAT rule and use a web browser to test, I can see in the m0n0wall firewalls logs for site 1 where the request comes in and it allows access to port 80 on the machine at Site 2.
Unfortunately, nothing happens and the connection times out.
My first guess was that the Site 2 machine had the wrong gateway and thus was sending packets the wrong way. So I changed the default gateway of the machine to the local IP of Site 1 (172.18.16.1) The machine at Site 2 still has working Internet and as far as I could tell, was passing all of it's outbound traffic through the tunnel out Site 1 when I did some connection and ping test.
My conclusion is either it's not possible to do this or I need further configuration to setup.
Anyone have any ideas or feedback would be greatly appreciated!
|