Is it a postrouting issue? So,
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j SNAT --to-source xx.xxx.xxx.199

As an aside, when I open up iptraf, it gives me a network called lo, which I don't seem to be able to get rid of. I think I created it by accident a while back.

----------------------------------------
> Date: Wed, 7 Jul 2010 17:50:53 +0200
> From: pascal.mail@xxxxxxxxxxxxxxx
> To: webster_jack@xxxxxxxxxxx
> CC: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: iptables not forwarding port 443
>
> J. Webster wrote:
>> That seems to work, the VPN now connects on port 443.
>> However, when I go to whatsmyip instead of giving me the xx.xx.xx.199
>> address, it gives me the xx.xx.xx.198 address. Not a massive problem in
>> itself but something in the routing must be incoming on 199 and outgoing
>> on 198.
>
> I guess this is again because xx.xx.xx.198 is the primary address on
> eth0 and is preferred over xx.xx.xx.199 by default source address
> selection and MASQUERADE. If the openvpn client TUN/TAP interface
> address is in the 172.16.0.0/24 range, then instead of MASQUERADE you
> can use SNAT with explicit source address (-j SNAT --to-source ).
>
>> Current iptables:
>> # Generated by iptables-save v1.3.5 on Wed Jul 7 16:06:49 2010
>> *nat
>> :PREROUTING ACCEPT [29:10687]
>> :POSTROUTING ACCEPT [27:8372]
>> :OUTPUT ACCEPT [27:8372]
>> -A PREROUTING -d xx.xxx.xxx.199 -p tcp -m tcp --dport 443 -j DNAT --to-destination xx.xxx.xxx.199:1194
>> -A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
>> -A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
>
> Why twice the same rule?
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
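
The two points raised in the quoted reply (explicit SNAT in place of MASQUERADE, and the POSTROUTING rule that appears twice), applied mechanically to an iptables-save dump. This is an added example, not part of the thread; the function names, the sample dump, the 203.0.113.x documentation addresses standing in for the masked ones, and the extra 10.8.0.0 rule are constructed.

```shell
#!/bin/sh
# Added example. Reads an iptables-save dump on stdin, writes a corrected
# dump on stdout:
#   * nat POSTROUTING rules for source $1 that end in "-j MASQUERADE" become
#     "-j SNAT --to-source $2", so the translated source address no longer
#     depends on which address is primary on the outgoing interface
#   * a rule that repeats an earlier rule of the same table is dropped
# Rules with further MASQUERADE options after the target are left untouched.
fix_nat_rules() {
    awk -v src="$1" -v to="$2" '
        /^\*/ { table = $0 }    # table header line: *nat, *filter, ...
        /^-A / {
            from_src = 0
            for (i = 1; i < NF; i++)
                if ($i == "-s" && $(i + 1) == src) from_src = 1
            if (table == "*nat" && $2 == "POSTROUTING" && from_src &&
                $(NF - 1) == "-j" && $NF == "MASQUERADE")
                $NF = "SNAT --to-source " to
            if (seen[table, $0]++) next    # exact duplicate: skip it
        }
        { print }
    '
}

# Constructed sample modelled on the rule set quoted in the thread.
# 203.0.113.199 replaces the masked address; the 10.8.0.0 rule is an
# invented extra that must stay as MASQUERADE.
sample_dump() {
    cat <<'EOF'
# constructed dump
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.199 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.199:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_dump | fix_nat_rules 172.16.0.0/255.255.255.0 203.0.113.199
```

Check the rewritten dump with `iptables-restore --test` before loading it.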