Firewall Rules to add VPN Network into my LAN Network
Dear Friends of Linux Questions
I greet you and at the same time ask you to help me with a problem I have and could not solve. One of my requirements is to connect a network that is reached over VPN to my LAN.
The detail is that I was able to get a connection to the network by adding a network card (eth3) to the firewall and connecting it to the VPN router (DLINK) by network cable, but I cannot reach the other destinations that are in the VPN.
My network works in this network range: 192.168.0.0/16
Network to connect to: 10.30.0.0/24
Currently, we have three branches interconnected:
ZONE 1: 10.30.1.0 (RESPONDS TO PACKETS) LOCATION: DATACENTER CONNECTION: CABLE NETWORK WITHOUT PROBLEMS
ZONE 2: 10.30.2.0 (NO ANSWER)
ZONE 3: 10.30.3.0 (NO ANSWER)
ZONE 4: 10.30.4.0 (NO ANSWER)
CURRENT RULES TO CONNECT FIREWALL: 10.30.1.0/24
My home network works in this network range: 192.168.0.0/16
Network to connect to: 10.30.0.0/24
ROUTE
-----------------
[root@fw ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
190.81.174.48   0.0.0.0         255.255.255.240 U     0      0   0   eth0
10.30.1.0       0.0.0.0         255.255.255.0   U     0      0   0   eth3
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0   0   eth2
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth1
0.0.0.0         190.81.174.49   0.0.0.0         UG    0      0   0   eth0
FIREWALL SCRIPT THAT WORKS WELL
iptables -A INPUT -s 192.168.0.0/16 -i eth3 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/16 -d 10.30.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d 10.30.1.0/24 -o eth3 -j MASQUERADE
Distribution: CentOS 5.2
It should be noted that if I add a station within the 10.30.1.X/24 network, it has no problems connecting to the other destinations.
Physically this router is inside my 10.30.1.X DATA CENTER another wan.
Please help me with what I should add; I'll be very grateful and happy to answer any questions.
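
Added example (not part of the original post): a longest-prefix-match lookup over the routing table posted above, plus a check of which zones the posted -d rules cover, to show where a packet for each zone leaves the firewall. The /24 mask on each zone and the helper names are assumptions.

```python
import ipaddress

# Routes copied from the `route -n` output in the post (Genmask written as a prefix).
ROUTES = [
    ("190.81.174.48/28", "0.0.0.0", "eth0"),
    ("10.30.1.0/24", "0.0.0.0", "eth3"),
    ("10.0.0.0/24", "0.0.0.0", "eth2"),
    ("192.168.0.0/16", "0.0.0.0", "eth1"),
    ("0.0.0.0/0", "190.81.174.49", "eth0"),
]
# Destinations named by -d in the posted FORWARD and POSTROUTING rules.
RULE_DESTS = ["10.30.1.0/24"]
# Zones from the post; the /24 mask on each zone is an assumption.
ZONES = {f"ZONE {n}": f"10.30.{n}.0/24" for n in range(1, 5)}


def lookup(dest_ip):
    """Longest-prefix match over ROUTES, as the kernel does per packet."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(net), gw, iface)
               for net, gw, iface in ROUTES if ip in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)


def rule_covers(zone_net):
    """True if a posted rule's -d network contains the whole zone."""
    zone = ipaddress.ip_network(zone_net)
    return any(zone.subnet_of(ipaddress.ip_network(d)) for d in RULE_DESTS)


def audit():
    """Per zone: the route and interface a packet takes, and whether a rule matches."""
    report = {}
    for name, net in ZONES.items():
        first_host = str(next(ipaddress.ip_network(net).hosts()))
        route, gw, iface = lookup(first_host)
        report[name] = {"route": str(route), "gateway": gw, "iface": iface,
                        "rule_match": rule_covers(net)}
    return report


if __name__ == "__main__":
    for name, r in audit().items():
        print(f"{name}: route {r['route']} via {r['gateway']} dev {r['iface']}, "
              f"rule match: {r['rule_match']}")
```

With the table as posted, only ZONE 1 matches the eth3 route and a rule; ZONE 2 to ZONE 4 fall through to the default route on eth0 and match none of the posted -d rules. On the firewall itself, `ip route get 10.30.2.1` reports the same lookup for a live table.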