Linode Forum
https://forum.linode.com/

postrouting vpn traffic to eth0 - not restrictable
https://forum.linode.com/viewtopic.php?f=19&t=3626
Page 1 of 1

Author:  cattani [ Sun Oct 26, 2008 11:50 am ]
Post subject:  postrouting vpn traffic to eth0 - not restrictable

Hi! I set up my OpenVPN to route traffic through my Linode, and in iptables I put a POSTROUTING MASQUERADE rule so traffic from the VPN client is SNAT-ed to eth0. This works fine. Here is the POSTROUTING rule:
-A POSTROUTING -o eth0 -j MASQUERADE
(see http://openvpn.net/howto.html#redirect)

OK, I thought it would be a good idea to add -s <vpn subnet> to the POSTROUTING rule so not everybody can NAT through my Linode. But then NAT stops working. So I thought maybe I'd put a rule in *filter FORWARD instead, which is set to DROP by default:
-A FORWARD ! -i eth0 -j ACCEPT
but then NAT stops working too...

So no matter what I tried (adding the subnet or IPs to the POSTROUTING rule, or IPs, the subnet, interface tun0 or lo to FORWARD), every time I limit NAT it stops working. The only working config would be to set FORWARD to ACCEPT by default and to use the POSTROUTING rule without limitation.

Does anyone have any advice for me? Thanks!

Author:  bejelith [ Thu Oct 30, 2008 6:26 am ]
Post subject: 

Have you tried this?

Code:
iptables -P FORWARD DROP
iptables -A FORWARD -i VPN_INTERFACE -s VPN_NETWORK -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
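A complete restricted ruleset in the shape suggested above, as an added example that is not from the thread. It assumes the OpenVPN howto default subnet 10.8.0.0/24, tunnel interface tun0 and public interface eth0, and it includes the RELATED,ESTABLISHED rule for the return path that the poster's `-A FORWARD ! -i eth0 -j ACCEPT` attempt lacked (replies arriving on eth0 hit the DROP policy, so NAT appears to stop working).

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a least-privilege NAT ruleset
# for an OpenVPN server. Assumed values (not from the thread): VPN subnet
# 10.8.0.0/24, tunnel interface tun0, public interface eth0.
# net.ipv4.ip_forward must be 1 for any forwarding to happen at all.
set -eu

# Print an iptables-restore ruleset that masquerades only the VPN subnet out of
# the public interface while keeping FORWARD's default policy at DROP.
vpn_nat_rules() {
    subnet="$1"   # e.g. 10.8.0.0/24
    vpn_if="$2"   # e.g. tun0
    pub_if="$3"   # e.g. eth0
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only packets sourced from the VPN subnet and leaving via $pub_if are SNAT-ed.
-A POSTROUTING -s $subnet -o $pub_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to forwarded VPN connections come back in on $pub_if; without this
# rule they are dropped by the chain policy and NAT looks broken.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections are forwarded only if they enter on the tunnel, carry a
# VPN-subnet source address and are headed out of the public interface.
-A FORWARD -i $vpn_if -s $subnet -o $pub_if -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Count the FORWARD rules in the generated set, to confirm nothing besides the
# two intended rules opens the chain.
count_forward_rules() {
    vpn_nat_rules "$@" | grep -c '^-A FORWARD'
}

# Usage: sh vpn-nat.sh            (print the ruleset for review)
#        sh vpn-nat.sh --apply    (load it; needs root and iptables-restore)
if [ "${1:-}" = "--apply" ]; then
    vpn_nat_rules 10.8.0.0/24 tun0 eth0 | iptables-restore
else
    vpn_nat_rules 10.8.0.0/24 tun0 eth0
fi
```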
