Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
01-07-2010, 06:58 AM
|
#1
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Rep:
|
nat forward openvpn
I am trying to do a NAT forward in iptables but get the following error:
Quote:
[root@server88-xxx-xxx-198 openvpn]# iptables -t nat -I POSTROUTING -i tun0 -o e
iptables v1.3.5: Can't use -i with POSTROUTING
|
Any ideas on what to do?
I have an OpenVON server running and I need the client to use the ports on the OpenVPN server
|
|
|
01-07-2010, 09:44 AM
|
#2
|
Senior Member
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534
Rep: 
|
I don't understand why you try to nat the tun0
|
|
|
01-07-2010, 10:02 AM
|
#3
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by Linux.tar.gz
I don't understand why you try to nat the tun0
|
I was told to by the openvpn users list
I need all ports from my local computer to be forwarded to OpenVPN and then go out to the net so I can have the Linux box's IP address as a geo specific IP address.
Last edited by qwertyjjj; 01-07-2010 at 10:15 AM.
|
|
|
01-07-2010, 10:52 AM
|
#4
|
Senior Member
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534
Rep: 
|
If i understand right :
You use a mobile (i mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP adress (not the vpn one's) of the mobile computer to be geo-localized.
|
|
|
01-07-2010, 11:15 AM
|
#5
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by Linux.tar.gz
If i understand right :
You use a mobile (i mean desktop or laptop) computer anywhere in the world, then you connect to your OpenVPN server, and you want the real IP adress (not the vpn one's) of the mobile computer to be geo-localized.
|
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
|
|
|
01-07-2010, 02:40 PM
|
#6
|
LQ Newbie
Registered: Jul 2009
Location: Trondheim, Norway
Distribution: Ubuntu
Posts: 28
Rep:
|
Quote:
Originally Posted by qwertyjjj
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
|
If I understand you correctly you are trying to route all client traffic through the VPN?
According to this article on openvpn.net you need to add the following to your server config-file:
push "redirect-gateway def1"
If you only want this behaviour for one client you can put it in the client-config-dir file.
|
|
|
01-08-2010, 05:06 AM
|
#7
|
Senior Member
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534
Rep: 
|
Quote:
Originally Posted by qwertyjjj
I need to be recognised as using the VPN server's IP address.
So, my IP currently is 1.2.3.4, the server is 10.2.3.4
When I connect by VPN but open up a browser on my laptop and go to whatsmyip, it should say 10.2.3.4
I believe that's why the nat routing was needed.
|
It's not the case right now ???
|
|
|
01-08-2010, 05:48 AM
|
#8
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by Linux.tar.gz
It's not the case right now ???
|
Yeah, that postrouting and also setting the server config to push the gateway sorted it.
Thanks
|
|
|
01-08-2010, 05:51 AM
|
#9
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep: 
|
You can use prerouting with -i. But if you are talking about postrouting, you should be using your external interface with -o switch, is not it? Postrouting option will take effect on the packets as they are just about to leave the linux box, so it should be taking care of the packets that are leaving from the external interface and not your internal.
Also you can try using masquerade option with postrouting if you want routing.
|
|
|
All times are GMT -5. The time now is 09:47 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|