View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions postrouting vpn traffic to eth0 - not restrictable
Log in to Ask a Question

postrouting vpn traffic to eth0 - not restrictable

networking

hy! i set up my openvpn to route traffic to my linode and in iptables i put a postrouting masquerade rule so traffic from the vpn-client is snat-ed to eth0. this works fine. here is the postrouting rule

-A POSTROUTING -o eth0 -j MASQUERADE

(see http://openvpn.net/howto.html#redirect)

ok, i thought it would be a good idea to ad -s to the postrouting command so not everybody can nat through my linode. but then nat stops to work. so i thought maybe i put a rule in *filter forward instead, which is set to drop as default:

-A FORWARD ! -i eth0 -j ACCEPT

but then nat stops to work too…

so no matter what i tried (add subnet, ip´s to the postrouting or ip´s, subnet, interface tun0, lo to forward) everytime i limit nat it stops to work. the only working config would be to set forwarding to accept as default and to use the postrouting without limitation.

does anyone have an advice for me? thx!

1 Reply

have u tried this?

iptables -P FORWARD DROP
iptables -A FORWARD -i VPN_INTERFACE -s VPN_NETWORK -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct