Using iptables to make a VPN router

Posted by lost_in_the_sauce on Server Fault See other posts from Server Fault or by lost_in_the_sauce
Published on 2012-09-11T15:11:33Z Indexed on 2012/09/11 15:40 UTC
Read the original article Hit count: 157

Filed under:
|
|

I am attempting to make a VPN connection to a third party VPN site, then forward traffic from my internal computers (ssh and ping for now) out to the VPN site using IPTables.

3rd Party <-> (tun0/eth0)Linux VPN Box(eth1) <-> Windows7TestBox

I am running on CentOS 6.3 Linux and have two network connections eth0->public eth1->private. I am running vpnc-0.5.3-4 which is currently connecting to my destination.

When I connect I am able to ping the destination IPAddresses but that is as far as I can get.

ping -I tun0 10.1.33.26 success

ping -I eth0 10.1.33.26 fail

ping -I eth1 10.1.33.26 fail

I have my private network Windows 7 test box set up to have the eth1 (private) network of my VPN Server as its gateway and can ping him fine. I need IPTables to send the Windows 7 traffic out the VPN tunnel.

I have tried for a few days many different IPTables configurations from this site and others, either the other examples are too simple or overly complicated. The only thing this server is doing is connecting to the VPN and forwarding all traffic.

So we can "flush" everything and start from scratch here. It is a blank slate.

#!/bin/bash

echo "Define variables"

ipt="/sbin/iptables"

echo "Zero out all counters"

$ipt -Z

$ipt -t nat -Z

$ipt -t mangle -Z

echo "Flush all active rules, delete all chains"

$ipt -F

$ipt -X

$ipt -t nat -F

$ipt -t nat -X

$ipt -t mangle -F

$ipt -t mangle -X

$ipt -P INPUT ACCEPT

$ipt -P FORWARD ACCEPT

$ipt -P OUTPUT ACCEPT

$ipt -t nat -A POSTROUTING -o tun0 -j MASQUERADE

$ipt -A FORWARD -i eth1 -o eth0 -j ACCEPT

$ipt -A FORWARD -i eth0 -o eth1 -j ACCEPT

$ipt -A FORWARD -i eth0 -o tun0 -j ACCEPT

$ipt -A FORWARD -i tun0 -o eth0 -j ACCEPT

Again I have done many variations of the above and many other rules from other posts but haven't been able to move forward. It seems like such a simple task, and yet....

© Server Fault or respective owner

Related posts about linux

Related posts about vpn