POSTROUTING VPN traffic to eth0 - not restrictable

Hi! I set up my OpenVPN to route traffic to my Linode, and in iptables I put a POSTROUTING MASQUERADE rule so traffic from the VPN client is SNAT-ed to eth0. This works fine. Here is the POSTROUTING rule:

-A POSTROUTING -o eth0 -j MASQUERADE

(see http://openvpn.net/howto.html#redirect)

OK, I thought it would be a good idea to add -s to the POSTROUTING rule so not everybody can NAT through my Linode, but then NAT stops working. So I thought maybe I'd put a rule in *filter FORWARD instead, which is set to DROP by default:

-A FORWARD ! -i eth0 -j ACCEPT

But then NAT stops working too...

So no matter what I tried (adding the subnet or IPs to POSTROUTING, or IPs, the subnet, interface tun0 or lo to FORWARD), every time I limit NAT it stops working. The only working config is to set FORWARD to ACCEPT by default and to use POSTROUTING without limitation.

Does anyone have advice for me? Thanks!

1 Reply

Have you tried this?

iptables -P FORWARD DROP
iptables -A FORWARD -i VPN_INTERFACE -s VPN_NETWORK -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
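The reply's three rules are the core of the fix, and they also explain why the question's own attempt failed: `-A FORWARD ! -i eth0 -j ACCEPT` only lets packets in from the tunnel, so the replies coming back in on eth0 hit the default DROP and every connection stalls. A RELATED,ESTABLISHED rule is what lets return traffic through. As an added example, not part of the original post or reply, here is a complete ruleset in iptables-restore format that restricts both the NAT and the forwarding to the VPN subnet. The interface and subnet values (tun0, 10.8.0.0/24, eth0) are assumptions taken from a default OpenVPN server setup; adjust them to match your `server` directive and public interface. The script only prints the ruleset, so it can be inspected or dry-run before being loaded.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore ruleset
# that NATs only the OpenVPN client subnet out of the WAN interface and
# forwards only that subnet, with FORWARD defaulting to DROP.
# Assumptions (hypothetical defaults; override via the environment):
#   VPN_IF  - the OpenVPN tun interface
#   VPN_NET - the subnet handed out by the OpenVPN "server" directive
#   WAN_IF  - the Linode's public interface
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

vpn_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only masquerade packets that came from the VPN subnet and leave via the WAN.
-A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies for connections the VPN clients opened. These arrive on the WAN
# interface, so a rule that only accepts "! -i eth0" drops them.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# New connections: only from the VPN subnet, and only if the packet really
# arrived on the tunnel (matching -s alone could be spoofed from the WAN side).
-A FORWARD -i $VPN_IF -s $VPN_NET -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Count the -A rules in the generated ruleset (a cheap sanity check that does
# not touch the kernel).
count_rules() {
    vpn_nat_rules | grep -c '^-A '
}

# Usage, as root, after checking the syntax without committing anything:
#   vpn_nat_rules | iptables-restore --test
#   vpn_nat_rules | iptables-restore
```

Note that `iptables-restore` replaces the nat and filter tables wholesale, so any INPUT rules you rely on (SSH, the OpenVPN port itself) must be added to this file too before loading it on a remote box. Forwarding also has to be enabled in the kernel (`net.ipv4.ip_forward=1`) for any of the FORWARD rules to see traffic.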
