RE: NAT and openvpn

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

SNAT is only valid in the POSTROUTING chain, DNAT in PREROUTING.

These rules should be:

iptables -t nat -A PREROUTING -d $PUBIP -j DNAT --to-destination $VPNIP		# for incoming traffic
iptables -t nat -A POSTROUTING -s $VPNIP -j SNAT --to-source $PUBIP			# for outgoing traffic

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of G. Skillen
Sent: Saturday, March 28, 2009 5:52 AM
To: jason.faulkner@xxxxxxxxxxxxx
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: NAT and openvpn

> % iptables -t nat -A PREROUTING -s $VPNIP -j SNAT --to-source $PUBIP
> % iptables -t nat -A POSTROUTING -s $PUBIP -j DNAT --to-destination $VPNIP 

Thanks for the reply ... when I try that I get:

	mothership:~# iptables -t nat -A PREROUTING -s 10.8.0.2 -j SNAT --to-source <ip omitted>
	iptables: Invalid argument

(same for the next line)

Any ideas?

-- 
G. Skillen <g@xxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
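
Added example, not part of either message: a shell check for the chain/target mismatch behind the "Invalid argument" error in this thread, run over the two rule pairs quoted above. The function name `check_nat_rule` and the address 192.0.2.10 are constructed for illustration; the OUTPUT (DNAT) and INPUT (SNAT) entries come from iptables-extensions(8) for current kernels and go beyond the two chains named in the reply.

```shell
#!/bin/sh
# check_nat_rule "<iptables command line>"
# Prints a verdict and returns:
#   0  target is accepted in that nat chain
#   1  target/chain mismatch (the kernel rejects the rule)
#   2  not judged: other table, other target, or user-defined chain
# The subshell body "( ... )" keeps variables and "set -f" local.
check_nat_rule() (
    table=filter chain= target= prev=
    set -f                                   # no globbing while splitting
    for word in $1; do
        case "$prev" in
            -t|--table)               table=$word ;;
            -A|--append|-I|--insert)  chain=$word ;;
            -j|--jump)                target=$word ;;
        esac
        prev=$word
    done
    [ "$table" = nat ] || { echo "skip: not a nat-table rule"; return 2; }
    case "$target" in
        SNAT) allowed="POSTROUTING INPUT" ;;  # INPUT: newer kernels only
        DNAT) allowed="PREROUTING OUTPUT" ;;
        *)    echo "skip: target '$target' not checked"; return 2 ;;
    esac
    case "$chain" in
        PREROUTING|INPUT|OUTPUT|POSTROUTING) ;;
        *) echo "skip: '$chain' is not a built-in nat chain"; return 2 ;;
    esac
    case " $allowed " in
        *" $chain "*) echo "ok: $target in $chain"; return 0 ;;
        *) echo "invalid: $target not accepted in $chain (allowed: $allowed)"
           return 1 ;;
    esac
)

# Constructed sample: the rejected pair and the corrected pair from the
# thread, with placeholder addresses.
VPNIP=10.8.0.2 PUBIP=192.0.2.10
for rule in \
    "iptables -t nat -A PREROUTING -s $VPNIP -j SNAT --to-source $PUBIP" \
    "iptables -t nat -A POSTROUTING -s $PUBIP -j DNAT --to-destination $VPNIP" \
    "iptables -t nat -A PREROUTING -d $PUBIP -j DNAT --to-destination $VPNIP" \
    "iptables -t nat -A POSTROUTING -s $VPNIP -j SNAT --to-source $PUBIP"
do
    check_nat_rule "$rule" || true
done
```

Rules that jump to SNAT or DNAT from a user-defined chain return 2, because their validity depends on which built-in chain calls them.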

