LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 10-14-2014, 12:36 PM   #1
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406
What is wrong with this iptables script?


The machine in question is an OpenVPN endpoint. I had it working in my shop, but when we put it into the field it isn't working any more.
The goal is to forward traffic from the tunnel onto the LAN.

Current setup
------
The script
Code:
#!/bin/bash
# Allow new connections from the VPN subnet (arriving on tun0) to the LAN subnet (leaving on eth0)
sudo iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow reply traffic for connections conntrack already knows about
sudo iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
The iptables list after running the above script
Code:
root@vpn-server1:/home/administrator# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          192.168.0.0/24       ctstate NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ifconfig output
Code:
root@vpn-server1:/home/administrator# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:dd:55:1d  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fedd:551d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48638 errors:0 dropped:7 overruns:0 frame:0
          TX packets:30365 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6919635 (6.9 MB)  TX bytes:4460708 (4.4 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5797 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:446958 (446.9 KB)  TX bytes:625654 (625.6 KB)
route output
Code:
root@vpn-server1:/home/administrator# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         smoothy         0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
Any ideas would be appreciated, please and thank you.
 
Old 10-14-2014, 04:24 PM   #2
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406
Never mind, I figured it out myself.
Code:
# Source-NAT everything leaving eth0 so it appears to come from the server's LAN address
sudo iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
# Forward anything that arrives on the tunnel interface
sudo iptables -A FORWARD --in-interface tun0 -j ACCEPT
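The two posts together describe a working setup: the original FORWARD rules plus a MASQUERADE rule so that LAN hosts, which have no route back to 10.8.0.0/24, reply to the server's own address (192.168.0.10) instead. The script below is an added example, not frieza's script or anything from the thread. It keeps the narrowly scoped tun0-to-eth0 rule from the first post rather than the blanket `-i tun0 -j ACCEPT` from the fix, limits the NAT to the VPN subnet rather than every packet leaving eth0, sets a DROP policy on FORWARD so only the listed flows pass, and enables IPv4 forwarding, which the thread never mentions but which is required for any FORWARD rule to see traffic. The environment variables, the `APPLY` switch and the helper function names are assumptions of this example; the defaults are the interface names and subnets from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): generate the iptables rule set that
# forwards OpenVPN tunnel traffic onto the LAN with source NAT.
# Defaults are the thread's values; override via environment variables.
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Emit the commands rather than running them, so the policy can be reviewed
# first. Order matters: return traffic first, then the one NEW rule, then NAT.
vpn_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE
EOF
}

# Sanity check for the generated set: exactly one rule may accept NEW
# connections, and it must be the tunnel-to-LAN one.
count_new_accepts() {
    vpn_forward_rules | grep -c -- "-i $TUN_IF -o $LAN_IF .*--ctstate NEW -j ACCEPT"
}

# Apply for real only when explicitly requested (needs root); otherwise print.
if [ "${APPLY:-0}" = "1" ]; then
    vpn_forward_rules | sh -e
else
    vpn_forward_rules
fi
```

Run it without arguments to review the rules, or with `APPLY=1` as root to install them. Scoping the MASQUERADE rule with `-s $VPN_NET` matters for auditing: with the unscoped version from the fix, any traffic the server forwards out of eth0 is rewritten to 192.168.0.10, so LAN-side logs can no longer distinguish VPN clients from the server itself or from each other.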
 
Old 10-15-2014, 02:46 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,636

Rep: Reputation: Disabled
Thanks for sharing your solution. (And I'm envious of your prowess in IPTABLES.)
 
Old 10-15-2014, 12:15 PM   #4
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Original Poster
Rep: Reputation: 406
Quote:
Originally Posted by JZL240I-U View Post
Thanks for sharing your solution. (And I'm envious of your prowess in IPTABLES.)
Meh, I'm not that good; if I had prowess I wouldn't have asked in the first place. I'm just decent at finding answers when I need them, and it's my pet peeve to see people posting 'fixed it' etc. without explaining how.