I’m looking at a Shorewall VPN configuration for overlapping LANs here that I need to try to duplicate in IPFire.
I think that it may be possible to duplicate the setup listed for Shorewall 4.4.22 or earlier using either a combination of SNAT and DNAT firewall rules in the GUI or by modifying the CUSTOMPREROUTING and CUSTOMPOSTROUTING chains using firewall.local. Based on what I’ve seen for modifying iptables for this, I suspect the latter is the correct way but don’t know for sure either way.
Unfortunately, that method assumes that the firewalls at both ends of the connection can be changed. What I’m really looking to do is duplicate the setup listed for Shorewall 4.4.23 or later. That seems to require that the kernel has rawpost table support in iptables, an xtables-addon if I remember correctly, and I don’t know if IPFire supports that. Does anyone know if this is possible and, if so, how it needs to be configured?
So you can’t do what you want via xtables-addons but maybe other more knowledgeable people can suggest alternative approaches to achieve what you want in IPFire.
The systems in the top cloud will access the 192.168.1.0/24 subnet in the lower cloud using addresses in another unused /24. Similarly, the systems in the bottom cloud will access the 192.168.1.0/24 subnet in the upper cloud using a second unused /24.
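The addressing scheme described above, worked through as an added example that is not part of the original thread or of Shorewall's or IPFire's code. The two alias ranges `10.10.10.0/24` and `10.10.11.0/24` are constructed placeholders for the "unused /24s", and the example assumes each gateway translates addresses for its own LAN.

```python
import ipaddress

def netmap(addr, from_net, to_net):
    """1:1 prefix translation: swap the network bits, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    from_net = ipaddress.ip_network(from_net)
    to_net = ipaddress.ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in from_net:
        return str(addr)  # outside the mapped range: left untouched
    host_bits = int(addr) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

REAL = "192.168.1.0/24"        # both sites use this range (from the thread)
UPPER_ALIAS = "10.10.11.0/24"  # constructed: how the lower site addresses the upper LAN
LOWER_ALIAS = "10.10.10.0/24"  # constructed: how the upper site addresses the lower LAN

def upper_to_lower(src, dst):
    """Packet from an upper-site host to a lower-site alias address.
    Returns (sent, in_tunnel, delivered), each a (src, dst) tuple."""
    sent = (src, dst)
    # Upper gateway, outbound: hide the real source behind the upper alias.
    in_tunnel = (netmap(src, REAL, UPPER_ALIAS), dst)
    # Lower gateway, inbound: turn the alias destination back into the real one.
    delivered = (in_tunnel[0], netmap(dst, LOWER_ALIAS, REAL))
    return sent, in_tunnel, delivered

def lower_reply(delivered):
    """Reply path: swap src and dst, then apply the mirror-image translations."""
    src, dst = delivered[1], delivered[0]
    in_tunnel = (netmap(src, REAL, LOWER_ALIAS), dst)
    received = (in_tunnel[0], netmap(dst, UPPER_ALIAS, REAL))
    return in_tunnel, received

if __name__ == "__main__":
    for stage in upper_to_lower("192.168.1.4", "10.10.10.27"):
        print(stage)
    print(lower_reply(("10.10.11.4", "192.168.1.27")))
```

Inside the tunnel neither address is in 192.168.1.0/24, which is why two separate unused ranges are needed: one per direction.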
I am thinking of a simple workaround.
Because the assigned IP addresses of devices at location A cannot be used at location B, you can use a different subnet mask.
For example.