Here is my setup. My DSL modem is attached to the WAN port of my router. Vlan2 is the WAN port interface. Vlan2 has been assigned an IP address (192.168.1.253) in the same subnet as the modem to allow access. This rule is used to make it work:

    iptables -I POSTROUTING -t nat -o vlan2 -d 192.168.1.254 -j MASQUERADE

With this setup, from inside my LAN (on a different subnet) I can still access the DSL modem.

Tap0 is my OpenVPN interface. It is part of the bridge 'br0' and gets assigned an IP address within the same subnet as my LAN. Effectively, when using OpenVPN I become part of my LAN and can access LAN resources. So far so good.

Here is the problem. When testing OpenVPN from public wifi, I can't access the DSL modem. I am on my LAN as I can access other things. I can access my DSL modem testing OpenVPN from inside my LAN, just not from the outside. When I remotely connect, I want EVERYTHING to be as if I were on my LAN.

I don't get why this doesn't work. Is there a rule that I am missing that would solve this?