For OpenVPN, IPSEC and PPTP:
a. First you need to tell your kernel that you want to allow IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
b. Now set up the firewall rules (the double-dash long options are required; a single dash will be rejected by iptables):
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t mangle -A FORWARD -i tun0 -o em1 -j MARK --or-mark 0x100
iptables -t nat -A POSTROUTING -m mark --mark 0x100/0x100 -j MASQUERADE
For IPsec you may also need the following rules to let ESP and IKE (UDP 500, and UDP 4500 for NAT traversal) through; input_rule is a user-defined chain, so substitute INPUT if your ruleset does not have it:
iptables -A input_rule -p esp -j ACCEPT
iptables -A input_rule -p udp --dport 500 -j ACCEPT
iptables -A input_rule -p udp --dport 4500 -j ACCEPT
c. To keep forwarding enabled across reboots, edit /etc/sysctl.conf and change the line net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
PPTP Specific:
# Port 1723 is used by PPTP. For secure operation, limit the
# source IP with -s x.x.x.x as well!
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# PPTP carries the tunnel not over TCP or UDP but over GRE
# (protocol number 47). Let it in as well.
iptables -A INPUT -p 47 -j ACCEPT
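The rules above, collected into one idempotent script as an added example (not code from the original page): it spells the long options correctly, can be re-run without duplicating rules, and optionally pins the PPTP control port to one client address. The interface names tun0 and em1 are assumptions and can be overridden on the command line.

```shell
#!/bin/sh
# Added example (not from the original page): apply its VPN forwarding rules
# idempotently. Interface names tun0 (VPN) and em1 (WAN) are assumptions.
set -eu
MARK=0x100   # fwmark that selects VPN->WAN traffic for NAT, as on the page
# Rules shared by OpenVPN/IPsec/PPTP, one per line: "<table> <chain> <args>"
vpn_rules() {
  vpn_if="$1"; wan_if="$2"
  cat <<EOF
filter INPUT -i tun+ -j ACCEPT
filter FORWARD -i tun+ -j ACCEPT
mangle FORWARD -i $vpn_if -o $wan_if -j MARK --or-mark $MARK
nat POSTROUTING -m mark --mark $MARK/$MARK -j MASQUERADE
EOF
}
# Protocol-specific INPUT rules. The optional client address limits the PPTP
# control port to one source, as the page recommends (-s x.x.x.x).
service_rules() {
  client="${2:-}"
  case "$1" in
    ipsec)   printf '%s\n' "filter INPUT -p esp -j ACCEPT" \
               "filter INPUT -p udp --dport 500 -j ACCEPT" \
               "filter INPUT -p udp --dport 4500 -j ACCEPT" ;;
    pptp)    printf '%s\n' "filter INPUT ${client:+-s $client }-p tcp --dport 1723 -j ACCEPT" \
               "filter INPUT -p 47 -j ACCEPT" ;;   # GRE carries the PPTP data
    openvpn) : ;;                                  # the tun+ rules above suffice
    *)       echo "unknown service: $1" >&2; return 1 ;;
  esac
}
# -C tests whether an identical rule already exists; append only when it is
# absent, so re-running the script never duplicates rules.
ensure_rule() {
  table="$1"; chain="$2"; shift 2
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || iptables -t "$table" -A "$chain" "$@"
}
apply_all() {   # apply_all <service> <vpn_if> <wan_if> [client_ip]
  sysctl -w net.ipv4.ip_forward=1 >/dev/null   # persist it in /etc/sysctl.conf too
  { vpn_rules "$2" "$3"; service_rules "$1" "${4:-}"; } |
    while read -r table chain args; do
      ensure_rule "$table" "$chain" $args   # $args is meant to be word-split
    done
}
# Usage: sh vpnfw.sh apply openvpn|ipsec|pptp [vpn_if] [wan_if] [client_ip]
case "${1:-}" in
  apply) apply_all "$2" "${3:-tun0}" "${4:-em1}" "${5:-}" ;;
esac
```

Run it as root; without the `apply` argument it only defines the functions, which is useful for inspecting the generated rules with `vpn_rules tun0 em1` before touching the live ruleset.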