[Firewall] Arno's script and openVPN

Jānis je at ktf.rtu.lv
Mon Mar 16 09:13:17 CET 2015


Dear all,

I am trying to figure out how to best organize openVPN access from the
wilderness.
Currently I have a virtual machine set up for this, with the respective
port forward on the router (protected by Arno's script).

I am still not decided whether to keep it as is or to move openVPN to
the router.
In order to have openVPN working, I have the following iptables rules  
set up on the VM (10.8.0.0/24 being the virtual network for the  
outside users):

iptables -v -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -v -A INPUT -s 10.8.0.0/24 -j ACCEPT
iptables -v -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -v -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -v -A FORWARD -i eth0 -o tun0 -j ACCEPT

How would the same additional rules look (what has to be set up) in
case I decide to move it to the router with Arno's script? For the
case of the router, I have to build a mutual trust between tun and the
internal IF (eth1, for example), haven't I?

Janis
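
Added example (not part of the original post and not code from Arno's script): a small lint over the five rules quoted above. It flags the ACCEPT rules that are not bound to an inbound interface or to connection state, since those are the ones whose reach changes when the rule set moves from a single-NIC VM to a multi-interface router. The helper names parse_rule and audit are hypothetical.

```python
import shlex

# Rules copied from the post above (the VM's current rule set).
RULES = """\
iptables -v -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -v -A INPUT -s 10.8.0.0/24 -j ACCEPT
iptables -v -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -v -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -v -A FORWARD -i eth0 -o tun0 -j ACCEPT
"""

# Options in these rules that take a value (not a full iptables grammar).
VALUE_OPTS = {"-t", "-A", "-s", "-d", "-i", "-o", "-j", "-m", "--state"}

def parse_rule(line):
    """Turn one 'iptables ...' command line into a dict of its options."""
    tokens = shlex.split(line)[1:]          # drop the 'iptables' word
    rule = {"-t": "filter"}                 # iptables default table
    i = 0
    while i < len(tokens):
        if tokens[i] in VALUE_OPTS and i + 1 < len(tokens):
            rule[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1                          # flag without a value, e.g. -v
    return rule

def audit(text):
    """Return (line_number, finding) pairs for rules worth reviewing."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        r = parse_rule(line)
        if r["-t"] != "filter" or r.get("-j") != "ACCEPT":
            continue
        chain = r.get("-A")
        if chain == "INPUT" and "-s" in r and "-i" not in r:
            findings.append((n, "source-only ACCEPT: matches %s on every "
                                "interface, not just the tunnel" % r["-s"]))
        if chain == "FORWARD" and "-i" in r and "-o" in r and "--state" not in r:
            findings.append((n, "stateless ACCEPT %s -> %s: allows new "
                                "connections in this direction" % (r["-i"], r["-o"])))
    return findings

if __name__ == "__main__":
    for n, msg in audit(RULES):
        print("rule %d: %s" % (n, msg))
```

On a router, the INPUT finding is typically addressed by adding an inbound interface match such as `-i tun0` to the source-based rule, and the FORWARD findings by deciding per direction whether new connections should be allowed.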

