LinuxQuestions.org


qwertyjjj 01-07-2010 05:58 AM

nat forward openvpn
 
I am trying to do a NAT forward in iptables but get the following error:
Quote:

[root@server88-xxx-xxx-198 openvpn]# iptables -t nat -I POSTROUTING -i tun0 -o e
iptables v1.3.5: Can't use -i with POSTROUTING
Any ideas on what to do?
I have an OpenVPN server running and I need the client to use the ports on the OpenVPN server.

Linux.tar.gz 01-07-2010 08:44 AM

I don't understand why you try to nat the tun0

qwertyjjj 01-07-2010 09:02 AM

Quote:

Originally Posted by Linux.tar.gz (Post 3817555)
I don't understand why you try to nat the tun0

I was told to by the openvpn users list
I need all ports from my local computer to be forwarded to OpenVPN and then go out to the net so I can have the Linux box's IP address as a geo specific IP address.

Linux.tar.gz 01-07-2010 09:52 AM

If I understand right:

You use a mobile (I mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP address (not the VPN one's) of the mobile computer to be geo-localized.

qwertyjjj 01-07-2010 10:15 AM

Quote:

Originally Posted by Linux.tar.gz (Post 3817624)
If I understand right:

You use a mobile (I mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP address (not the VPN one's) of the mobile computer to be geo-localized.

I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.

forubu 01-07-2010 01:40 PM

Quote:

Originally Posted by qwertyjjj (Post 3817641)
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.

If I understand you correctly you are trying to route all client traffic through the VPN?

According to this article on openvpn.net you need to add the following to your server config-file:
push "redirect-gateway def1"

If you only want this behaviour for one client you can put it in the client-config-dir file.

Linux.tar.gz 01-08-2010 04:06 AM

Quote:

Originally Posted by qwertyjjj (Post 3817641)
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.

It's not the case right now ???

qwertyjjj 01-08-2010 04:48 AM

Quote:

Originally Posted by Linux.tar.gz (Post 3818581)
It's not the case right now ???

Yeah, that postrouting and also setting the server config to push the gateway sorted it.
Thanks

linuxlover.chaitanya 01-08-2010 04:51 AM

You can use prerouting with -i. But if you are talking about postrouting, you should be using your external interface with the -o switch, shouldn't you? The postrouting option will take effect on the packets as they are just about to leave the Linux box, so it should be taking care of the packets that are leaving from the external interface and not your internal one.
Also, you can try using the masquerade option with postrouting if you want routing.
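
The point made in the replies above, as an added shell example that is not part of the original thread: a check of which interface flags each chain accepts (it reproduces the error from the first post), followed by the POSTROUTING rule written with -o and MASQUERADE. The interface name eth0 and the VPN subnet 10.8.0.0/24 are assumptions; the script only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example. Assumptions: eth0 is the external interface and
# 10.8.0.0/24 is the OpenVPN client subnet; substitute your own values.

# check_iface_flags CHAIN ARGS...
# Returns 0 if the interface-match flags are legal for CHAIN, 1 otherwise.
# The input interface is only known in PREROUTING/INPUT/FORWARD, the output
# interface only in FORWARD/OUTPUT/POSTROUTING.
check_iface_flags() {
    chain=$1; shift
    for arg in "$@"; do
        case "$arg" in
            -i|--in-interface)
                case "$chain" in
                    OUTPUT|POSTROUTING)
                        echo "Can't use -i with $chain" >&2; return 1 ;;
                esac ;;
            -o|--out-interface)
                case "$chain" in
                    PREROUTING|INPUT)
                        echo "Can't use -o with $chain" >&2; return 1 ;;
                esac ;;
        esac
    done
    return 0
}

# build_vpn_nat SUBNET EXT_IF
# Prints the commands that source-NAT VPN client traffic leaving via EXT_IF.
# Clients are matched by source subnet (-s) because -i is not available here.
build_vpn_nat() {
    subnet=$1; ext_if=$2
    check_iface_flags POSTROUTING -s "$subnet" -o "$ext_if" || return 1
    # Forwarding between tun0 and the external interface must be enabled.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $ext_if -j MASQUERADE"
}

# The rule shape from the first post is rejected, the corrected one is printed.
check_iface_flags POSTROUTING -i tun0 -o eth0 || true
build_vpn_nat 10.8.0.0/24 eth0
```

With MASQUERADE in place and `push "redirect-gateway def1"` in the server config, client traffic leaves with the server's external address as its source.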


All times are GMT -5.