LinuxQuestions.org
Old 01-07-2010, 06:58 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
nat forward openvpn


I am trying to do a NAT forward in iptables but get the following error:
Quote:
[root@server88-xxx-xxx-198 openvpn]# iptables -t nat -I POSTROUTING -i tun0 -o e
iptables v1.3.5: Can't use -i with POSTROUTING
Any ideas on what to do?
I have an OpenVPN server running and I need the client to use the ports on the OpenVPN server.
 
Old 01-07-2010, 09:44 AM   #2
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,328

Rep: Reputation: 89
I don't understand why you try to nat the tun0
 
Old 01-07-2010, 10:02 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Linux.tar.gz View Post
I don't understand why you try to nat the tun0
I was told to by the openvpn users list
I need all ports from my local computer to be forwarded to OpenVPN and then go out to the net so I can have the Linux box's IP address as a geo specific IP address.

Last edited by qwertyjjj; 01-07-2010 at 10:15 AM.
 
Old 01-07-2010, 10:52 AM   #4
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,328

Rep: Reputation: 89
If I understand right:

You use a mobile (I mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP address (not the VPN one's) of the mobile computer to be geo-localized.
 
Old 01-07-2010, 11:15 AM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Linux.tar.gz View Post
If I understand right:

You use a mobile (I mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP address (not the VPN one's) of the mobile computer to be geo-localized.
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
 
Old 01-07-2010, 02:40 PM   #6
forubu
LQ Newbie
 
Registered: Jul 2009
Location: Trondheim, Norway
Distribution: Ubuntu
Posts: 28

Rep: Reputation: 16
Quote:
Originally Posted by qwertyjjj View Post
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
If I understand you correctly you are trying to route all client traffic through the VPN?

According to this article on openvpn.net you need to add the following to your server config-file:
push "redirect-gateway def1"

If you only want this behaviour for one client you can put it in the client-config-dir file.
 
Old 01-08-2010, 05:06 AM   #7
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,328

Rep: Reputation: 89
Quote:
Originally Posted by qwertyjjj View Post
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
It's not the case right now ???
 
Old 01-08-2010, 05:48 AM   #8
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Linux.tar.gz View Post
It's not the case right now ???
Yeah, that postrouting and also setting the server config to push the gateway sorted it.
Thanks
 
Old 01-08-2010, 05:51 AM   #9
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
You can use prerouting with -i. But if you are talking about postrouting, you should be using your external interface with the -o switch, shouldn't you? The postrouting option will take effect on the packets as they are just about to leave the Linux box, so it should be taking care of the packets that are leaving from the external interface and not your internal.
Also you can try using masquerade option with postrouting if you want routing.
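
The fix this thread converges on, as an added example that is not part of any post above: a check for the interface-match error from post #1, and the server-side rules that pair with `push "redirect-gateway def1"`. The external interface `eth0` and the VPN subnet `10.8.0.0/24` are assumed values; `tun0` is the interface named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 and 10.8.0.0/24 are assumed values;
# tun0 and the "Can't use -i with POSTROUTING" error come from the posts above.

# check_rule CHAIN [iptables match args...]
# iptables rejects -i in POSTROUTING and OUTPUT, and -o in PREROUTING and
# INPUT. Succeeds (prints "ok") when the interface matches suit CHAIN.
check_rule() {
    chain=$1; shift
    for arg in "$@"; do
        case "$chain:$arg" in
            POSTROUTING:-i|OUTPUT:-i|POSTROUTING:--in-interface|OUTPUT:--in-interface)
                echo "-i cannot be used in $chain"; return 1 ;;
            PREROUTING:-o|INPUT:-o|PREROUTING:--out-interface|INPUT:--out-interface)
                echo "-o cannot be used in $chain"; return 1 ;;
        esac
    done
    echo "ok"
}

# nat_rules VPN_SUBNET EXT_IF [TUN_IF]
# Prints (does not run) the server-side commands. The NAT rule is scoped with
# -s to the VPN subnet so only tunnel clients are masqueraded, and FORWARD
# lets return traffic in only for connections the clients started.
nat_rules() {
    vpn_net=$1; ext_if=$2; tun_if=${3:-tun0}
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $tun_if -o $ext_if -s $vpn_net -j ACCEPT
iptables -A FORWARD -i $ext_if -o $tun_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $vpn_net -o $ext_if -j MASQUERADE
EOF
}

# The rule shape from post #1 fails the check; the -o form passes.
check_rule POSTROUTING -i tun0 -o eth0 || true
check_rule POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
nat_rules 10.8.0.0/24 eth0
```

Review the printed commands, then run them as root on the OpenVPN server; the client-side default route still comes from the `push "redirect-gateway def1"` line in the server config.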
 
  

