  1. # OpenVPN's iptables rules
  2.  
  3. # Main forward rules + LAN access
  4.  
  5. iptables -I INPUT -i tun+ -j ACCEPT;
  6.  
  7. iptables -I FORWARD -i tun+ -j ACCEPT;
  8.  
  9. iptables -I OUTPUT -o tun+ -j ACCEPT;
  10.  
  11. iptables -I FORWARD -o tun+ -j ACCEPT;
  12.  
  13. # Allow traffic initiated from VPN to access LAN
  14. iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 172.12.0.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  15.  
  16. # Allow traffic initiated from VPN to access "the world"
  17. iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  18.  
  19. # Allow established traffic to pass back and forth
  20. iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT;
  21.  
  22. # Masquerade traffic from VPN to "the world" -- done in the nat table
  23. iptables -t nat -I POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE;
  24.  
  25. # Masquerade traffic from LAN to "the world"
  26. iptables -t nat -I POSTROUTING -o eth0 -s 172.12.0.0/24 -j MASQUERADE;
  27.  
  28. # int_switch's network
  29.  
  30. # Allow traffic initiated from VPN to access "int_switch"
  31. iptables -I FORWARD -i tun0 -o eth1 -s 10.8.0.0/24 -d 10.0.1.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  32.  
  33. # Allow traffic initiated from VPN through "int_switch" to access "the world"
  34. iptables -I FORWARD -i tun0 -o eth1 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  35.  
  36.  
  37. # Masquerade traffic from VPN through "int_switch" to "the world"
  38. iptables -t nat -I POSTROUTING -o eth1 -s 10.8.0.0/24 -j MASQUERADE;
  39.  
  40. # Masquerade traffic from "int_switch" to "the world"
  41. iptables -t nat -I POSTROUTING -o eth1 -s 10.0.1.0/24 -j MASQUERADE;
  42.  
  43. # lif1_nfs's network
  44.  
  45. # Allow traffic initiated from VPN to access "lif1_nfs"
  46. iptables -I FORWARD -i tun0 -o eth2 -s 10.8.0.0/24 -d 10.0.2.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  47.  
  48. # Allow traffic initiated from VPN through "lif1_nfs" to access "the world"
  49. iptables -I FORWARD -i tun0 -o eth2 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT;
  50.  
  51. # Masquerade traffic from VPN through "lif1_nfs" to "the world"
  52. iptables -t nat -I POSTROUTING -o eth2 -s 10.8.0.0/24 -j MASQUERADE;
  53.  
  54. # Masquerade traffic from "lif1_nfs" to "the world"
  55. iptables -t nat -I POSTROUTING -o eth2 -s 10.0.2.0/24 -j MASQUERADE;
  56. # End OpenVPN