I setup a VPN yesterday and I set it up so internet traffic can be routed thru the VPN. I assigned different external IPs to different internal IPs the client connects with

10.9.0.3 > 64.xx.xx.179
10.9.0.4 > 64.xx.xx.175

And so on. Anyway I reboot the server yesterday and moved the listen IP to another IP for organizational reasons now my nat routing is not working anymore. Every client is connecting fine and getting out to the internet and into the server but their all stuck on the same external IP. Maybe I was seeing things but pretty sure I had it right...

iptables -t nat -A POSTROUTING -s 10.9.0.3/24 -j SNAT --to 64.xx.xx.179

service iptables save

Am I doing it right?

OpenVPN/CentOS 5.5

They are all stuck on the same ip ??
Would it be this ip by any chance? 64.xx.xx.179
But then this is what your SNAT rule says....??
What if you had a rule for each ip address? Or change the SNAT range.

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4-1.2.3.25

The subnet mask for your source address should be /32 if you are doing a 1 to 1 SNAT.

They are all stuck on .176 ip. I have 4 Ips on the server and I had the VPN listening on 179 but I moved it to 176 so I could access tbe web gui from a domain name. Anyway it outputs the same Ip on all clients. Internal IP is different of course but external Ip is the same.

Tried that, still the same.

iptables -t nat -A POSTROUTING -s 10.9.0.3/24 -j SNAT --to 64.xx.xx.179

As long as I understand, this rule tells iptables to change something to 64.xx.xx.179 ONLY.


You can tell it to change like:
... -s 10.9.0.1/32 -j SNAT --to 64.xx.xx.179
... -s 10.9.0.2/32 -j SNAT --to 64.xx.xx.180
... -s 10.9.0.3/32 -j SNAT --to 64.xx.xx.181

Yup, that is what I am doing or how I would like it. Its not sticking however not sure why. How do I flush all my nat rules..

What do you mean by it is not sticking??
You add the rule, then check back again and it isnt there?

edit: solved my own problem.