POSTROUTING VPN traffic to eth0 - not restrictable
-A POSTROUTING -o eth0 -j MASQUERADE
(see
OK, I thought it would be a good idea to add -s
-A FORWARD ! -i eth0 -j ACCEPT
but then NAT stops working too…
So no matter what I tried (adding the subnet or IPs to the POSTROUTING, or IPs, subnet, interface tun0, lo to FORWARD), every time I limit NAT it stops working. The only working config would be to set forwarding to ACCEPT as default and to use the POSTROUTING without limitation.
Does anyone have any advice for me? Thx!
1 Reply
iptables -P FORWARD DROP
iptables -A FORWARD -i VPN_INTERFACE -s VPN_NETWORK -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
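
An added example, not part of the thread: the reply's FORWARD rules combined with a MASQUERADE rule limited to the VPN source network. The values tun0, eth0 and 10.8.0.0/24 are assumed, as are the helper names `run`, `valid_cidr` and `vpn_nat_rules`; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example. Interface names and the VPN subnet are assumed values.
DRY_RUN=${DRY_RUN:-1}   # default: print commands, do not touch netfilter

# run: execute one iptables command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# valid_cidr: shape check for an IPv4 network such as 10.8.0.0/24
# (it does not range-check the octets).
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# vpn_nat_rules VPN_IF VPN_NET WAN_IF
vpn_nat_rules() {
    vpn_if=$1 vpn_net=$2 wan_if=$3
    [ -n "$vpn_if" ] && [ -n "$wan_if" ] || {
        echo "usage: vpn_nat_rules VPN_IF VPN_NET WAN_IF" >&2; return 2; }
    valid_cidr "$vpn_net" || { echo "bad VPN network: $vpn_net" >&2; return 2; }

    # Default-deny forwarding, as in the reply.
    run -P FORWARD DROP
    # Replies to VPN clients arrive on the WAN interface, so a rule keyed only
    # on the VPN side (or on "! -i eth0") never matches them; connection
    # tracking lets them back in.
    run -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # New connections: only from the VPN network, entering on the VPN interface.
    run -A FORWARD -i "$vpn_if" -s "$vpn_net" -o "$wan_if" -j ACCEPT
    # NAT only traffic sourced from the VPN network, not everything leaving WAN.
    run -t nat -A POSTROUTING -s "$vpn_net" -o "$wan_if" -j MASQUERADE
}

# Constructed values for illustration.
vpn_nat_rules tun0 10.8.0.0/24 eth0
```

The rules are appended, so on a host that already has FORWARD or POSTROUTING entries, check the resulting order with `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING`.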