Simple routing over a single NIC

Hello, I have an OpenVPN setup utilizing one NIC and I'm presently using ip with IP forwarding enabled in the kernel to allow the host to act as a router.

I was able to successfully get data to flow using the following iptables rules:

# Generated by iptables-save v1.3.5 on Tue Mar 24 17:22:02 2009
*nat
:PREROUTING ACCEPT [8:522]
:POSTROUTING ACCEPT [11:880]
:OUTPUT ACCEPT [17:1599]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Mar 24 17:22:02 2009
# Generated by iptables-save v1.3.5 on Tue Mar 24 17:22:02 2009
*filter
:INPUT ACCEPT [4:250]
:FORWARD ACCEPT [9:472]
:OUTPUT ACCEPT [513:60115]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Mar 24 17:22:02 2009

I have provided each VPN user with a /30 of IPs that are routable in my internal network (RFC 1918 IPs).

The problem, though, is that I actually want to keep the original IPs intact rather than performing NAT/IP masquerading. I would want to use iptables to perform filtering on certain IP ranges, of course, but for logging purposes I want to be able to keep track of which IP hit which host internally, and IP masquerading obscures that information. I would also like to allow users to connect back to their own host from a server in the internal network over their VPN connection, and using IP masquerading prevents that. I would appreciate it if someone could point me in the right direction; I have read some of the documentation and I'm not quite sure what the best and simplest way of doing this would be.

Thanks!
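An added example, not from the original post and not netfilter project code, of what the ruleset above looks like once the MASQUERADE rule is dropped: the VPN /30s are routed unchanged so internal logs keep the real client address and internal servers can reach clients back through the tunnel, while filtering and logging move into the FORWARD chain. The names tun0, eth0, 10.8.0.0/24, 192.168.0.0/16 and 192.168.100.0/24 are assumed placeholders; it also assumes, as the post states, that the internal network already routes the client /30s back to the VPN host.

```shell
#!/bin/sh
# Added example, not from the original post: forward between the OpenVPN
# tunnel and the LAN without NAT, so internal logs keep real client IPs
# and internal servers can reach clients back over the tunnel.
# Assumed placeholders: tun0 = OpenVPN interface, eth0 = the single NIC,
# 10.8.0.0/24 = pool holding the per-client /30s, 192.168.0.0/16 = LAN,
# 192.168.100.0/24 = a LAN range VPN clients must not reach.
VPN_IF="${VPN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_NET="${LAN_NET:-192.168.0.0/16}"
DENY_NET="${DENY_NET:-192.168.100.0/24}"

# Emit an iptables-restore ruleset: the nat table stays empty (no MASQUERADE),
# FORWARD now defaults to DROP, and only tunnel<->LAN traffic is examined.
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:VPN-FWD - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# anti-spoofing: only addresses from the VPN pool may arrive via the tunnel
-A FORWARD -i $VPN_IF ! -s $VPN_NET -j DROP
-A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j VPN-FWD
-A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -d $VPN_NET -j VPN-FWD
-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "FWD-DROP: "
# per-range filtering: block one internal range, log every new connection
-A VPN-FWD -s $VPN_NET -d $DENY_NET -j DROP
-A VPN-FWD -m state --state NEW -m limit --limit 60/min -j LOG --log-prefix "VPN-NEW: "
-A VPN-FWD -j ACCEPT
COMMIT
EOF
}

# Load on the VPN host (needs root). LAN hosts still need a route to $VPN_NET
# via this host; the post says the /30s are already routable internally.
apply_ruleset() {
    gen_ruleset | iptables-restore
}
```

The LOG entries (prefix VPN-NEW:) now carry the client's own /30 address as the source, which is what the syslog on internal hosts will also see.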
