Here's the context: a router running DD-WRT that I am trying to configure to use an openvpn based proxy. The router already has port forwarding rules that direct ftp and other ports to specific local addresses on the network, and these worked ok before the proxy is installed.

The proxy configuration creates an openvpn tunnel, and the following is added to iptables to route traffic through it:

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Once that rule is in place, general traffic from the network goes through the proxy, but the port forwarding rules no longer work.

I am not really familiar with iptables, but it looks to me like the masquerade statement is causing the traffic on the forwarded ports to not make it to the previously defined destination. Is there a way to tweak this so the proxy works without breaking the port forwarding rules?

Thanks,

Barry

Check that port forwarding rules are before that masquerade rule with iptables -t nat -L POSTROUTING .If not, move masquerade to the end of list and try again.