LinuxQuestions.org
Old 05-28-2010, 12:42 PM   #1
ysysysys
LQ Newbie
 
Registered: May 2010
Posts: 2

Rep: Reputation: 0
Allowing remote access to openVPN in IPTABLES without Masquerade


Hello,
I am not a Linux expert and I am trying to resolve the following problem:
I have installed OpenVPN server on CentOS 5.5 x86_64
Now all I need is to allow it to connect to all the remote servers
Right now I am able to connect to the OpenVPN server from my PC (Using the OpenVPN GUI) but unable to access any remote address. Just the local OpenVPN server's address is accessible.
Now I am having troubles with the following iptables rule:
Code:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
I don't have the MASQUERADE module installed so I am getting the following error:
Quote:
iptables: Unknown error 18446744073709551615
I have tried to install this module but received an error, and it appears to be impossible to install
In fact all I need is to find some simple command to allow the OpenVPN server to access all remote servers
I have tried
Code:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source server_ip service iptables
(I have replaced the server_ip with the server's IP address)
But that didn't help
I have enabled net.ipv4.ip_forward in sysctl.conf and restarted the server, but that didn't help either
I'd really appreciate it if somebody could help me find a valid command
Thanks in advance!

Last edited by ysysysys; 05-28-2010 at 12:44 PM.
 
Old 05-29-2010, 08:58 PM   #2
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by ysysysys View Post
Hello,
I am not a Linux expert and I am trying to resolve the following problem:
I have installed OpenVPN server on CentOS 5.5 x86_64
Now all I need is to allow it to connect to all the remote servers
Right now I am able to connect to the OpenVPN server from my PC (Using the OpenVPN GUI) but unable to access any remote address. Just the local OpenVPN server's address is accessible.
1. What do you mean by "remote address"?
2. What do you mean by "Just the local OpenVPN server's address"?

In Linux most things are equal, and an OpenVPN server acts like a router for any packets, whether they came from an interface or from the VPN. If you want your packets to go farther, you need to tell your router to forward them farther.
 
Old 06-06-2010, 04:32 AM   #3
ysysysys
LQ Newbie
 
Registered: May 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Hello,
Thanks for your quick response and sorry for my delayed reaction, I've been very busy
I want to give access to the OpenVPN server to the "whole web"
Let's say that the IP address of the server where the VPN is hosted is 012.345.678.9
So my problem is that when I am connecting to the OpenVPN server from my Windows client I am only able to open http://012.345.678.9 but no other websites are accessible
What can I do to "open" access to all the other websites on the web?
On a lot of other servers where I have installed OpenVPN I have resolved this problem simply by executing this command from SSH
Code:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart
and all the remote websites started to work properly
But on this server the MASQUERADE module is not available and it seems like it is not possible to install this module so I am unable to execute this command
Is there any alternative?
Thanks in advance!
 
Old 06-06-2010, 06:23 AM   #4
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 50
Replace '012.345.678.9' with whatever the real IP address of the server is.
Code:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 012.345.678.9

If that does not work, please run these commands and post the output to us:
Code:
ifconfig
ip route
iptables-save
cat /proc/sys/net/ipv4/ip_forward
 
Old 06-06-2010, 06:30 AM   #5
Basse1
LQ Newbie
 
Registered: Jun 2010
Location: India
Posts: 14

Rep: Reputation: 1
If you are using Masquerading (Many to One NAT), I don't think there is a workaround other than installing Masquerading.
 
Old 06-06-2010, 08:18 AM   #6
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 50
The SNAT target will do the same thing; MASQUERADE just automatically gets the source IP, which is useful for dynamic IP addresses.
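
Added example (not written by any poster in this thread): a shell check over the diagnostics requested in post #4 (`iptables-save` output and the `ip_forward` value), confirming that the SNAT/MASQUERADE rule's `-s` matches the VPN subnet and that forwarding is permitted. It assumes a VPN subnet of 10.8.0.0/24 (the thread's commands use both 10.0.0.0/24 and 10.8.0.0/24), `eth0` as the outbound interface, and a constructed ruleset with 192.0.2.10 as a placeholder public IP; `check_vpn_nat` and `emit_fix` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the thread).
# 192.0.2.10 is a documentation address standing in for the server's public IP.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# check_vpn_nat RULES VPN_SUBNET IP_FORWARD
# Prints one finding per line; returns 0 only when nothing is wrong.
check_vpn_nat() {
    rules=$1 subnet=$2 fwd=$3 problems=0
    re=$(printf '%s' "$subnet" | sed 's/\./\\./g')   # escape dots for grep
    # 1. The kernel must be routing at all.
    [ "$fwd" = "1" ] || { echo "ip_forward=$fwd: VPN packets are not routed"; problems=1; }
    # 2. A NAT rule only fires if -s is the subnet OpenVPN really hands out.
    if ! printf '%s\n' "$rules" |
        grep -Eq -- "^-A POSTROUTING .*-s $re .*-j (SNAT|MASQUERADE)"; then
        echo "no SNAT/MASQUERADE rule in POSTROUTING for -s $subnet"; problems=1
    fi
    # 3. With a DROP policy, new connections from the VPN need an ACCEPT.
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'; then
        printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD .*-s $re .*-j ACCEPT" ||
            { echo "FORWARD policy is DROP with no ACCEPT for -s $subnet"; problems=1; }
    fi
    return $problems
}

# emit_fix VPN_SUBNET OUT_IFACE PUBLIC_IP: print (not run) the rules to add.
# Forwarding is opened only for the VPN subnet, not for everything.
emit_fix() {
    echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
    echo "iptables -A FORWARD -s $1 -o $2 -j ACCEPT"
    echo "iptables -A FORWARD -d $1 -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Stand-alone run: report findings for the sample, then print candidate rules.
check_vpn_nat "$SAMPLE_RULES" 10.8.0.0/24 1 || emit_fix 10.8.0.0/24 eth0 192.0.2.10
```

On a live server, pass `"$(iptables-save)"` and `"$(cat /proc/sys/net/ipv4/ip_forward)"` in place of the sample values.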
 
  


Tags
iptables, masquerade, openvpn, snat

