Hi! I set up my OpenVPN to route traffic to my Linode, and in iptables I put a POSTROUTING MASQUERADE rule so traffic from the VPN client is SNATed to eth0. This works fine. Here is the POSTROUTING rule:
-A POSTROUTING -o eth0 -j MASQUERADE
(see http://openvpn.net/howto.html#redirect)
OK, I thought it would be a good idea to add -s <vpn subnet> to the POSTROUTING command so not everybody can NAT through my Linode. But then NAT stops working. So I thought maybe I could put a rule in *filter FORWARD instead, which is set to DROP as default:
-A FORWARD ! -i eth0 -j ACCEPT
But then NAT stops working too...
So no matter what I tried (adding the subnet or IPs to the POSTROUTING rule, or IPs, subnet, interface tun0, lo to FORWARD), every time I limit NAT it stops working. The only working config would be to set forwarding to ACCEPT as default and to use the POSTROUTING rule without limitation.
Does anyone have any advice for me? Thx!
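
An added example, not part of the original post: a simplified Python model of the filter FORWARD chain (first matching rule wins, otherwise the chain policy applies), run over constructed packets. With the posted FORWARD rule and a DROP policy, the reply arriving on eth0 matches nothing and is dropped; the SCOPED pair is an assumed alternative that accepts tun0-to-eth0 traffic plus conntrack RELATED,ESTABLISHED return traffic. The model, the packet values and the SCOPED rules are assumptions; only eth0, tun0 and the POSTED rule come from the post.

```python
"""Simplified model of the filter FORWARD chain: first match wins, else policy."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrived on
    out_if: str   # interface routing selected for it
    ctstate: str  # NEW, ESTABLISHED or RELATED, as conntrack would classify it


@dataclass(frozen=True)
class Rule:
    text: str                      # the iptables line this rule models
    in_if: Optional[str] = None    # None matches any input interface
    in_negate: bool = False        # True models "! -i <in_if>"
    out_if: Optional[str] = None   # None matches any output interface
    ctstates: Optional[frozenset] = None
    target: str = "ACCEPT"

    def matches(self, p: Packet) -> bool:
        if self.in_if is not None and (p.in_if == self.in_if) == self.in_negate:
            return False
        if self.out_if is not None and p.out_if != self.out_if:
            return False
        return self.ctstates is None or p.ctstate in self.ctstates


def verdict(chain, packet, policy="DROP"):
    """Return the target of the first matching rule, or the chain policy."""
    return next((r.target for r in chain if r.matches(packet)), policy)


# Constructed packets: a VPN client request, its reply, and an unsolicited probe.
PACKETS = {
    "request": Packet("tun0", "eth0", "NEW"),
    "reply": Packet("eth0", "tun0", "ESTABLISHED"),
    "unsolicited": Packet("eth0", "tun0", "NEW"),
}
# The rule from the post.
POSTED = [Rule("-A FORWARD ! -i eth0 -j ACCEPT", in_if="eth0", in_negate=True)]
# Assumed alternative (not from the post): both directions handled explicitly.
SCOPED = [
    Rule("-A FORWARD -i tun0 -o eth0 -j ACCEPT", in_if="tun0", out_if="eth0"),
    Rule("-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED"
         " -j ACCEPT", in_if="eth0", out_if="tun0",
         ctstates=frozenset({"RELATED", "ESTABLISHED"})),
]


def summarize(chain, policy="DROP"):
    return {name: verdict(chain, p, policy) for name, p in PACKETS.items()}
```
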