Just a note.. You create a network namespace for vpn with an arbitrary
network and run openvpn inside it. Then you can use a veth pair to allow
traffic from whatever other boxes on your lan you want to go through the
vpn. This also stops the traffic from going anywhere if openvpn
disconnects.

On Tue, Sep 29, 2020 at 10:52 AM Alberto <alberto@xxxxxxxxxxx> wrote:
>
> Hi everybody:
>
> I have a Linux Debian with two ifaces:
>
> - eth0: 192.168.1.1 (WAN)
>
> - eth1: 192.168.2.1 (LAN)
>
> as Home Router and GW of my Home LAN (192.168.2.0/24).
>
> From time to time, I up a tun0 iface as openvpn client in this Home Router.
>
> I up this openvpn connection with "--route-nopull" parameter, because I
> don't want to redirect traffic of all my LAN devices through this VPN, but
> only a few.
>
> I set the following rules with IPTABLES to permit traffic from VPN:
>
> - iptables -A INPUT -i tun+ -j ACCEPT
> - iptables -A OUTPUT -o tun+ -j ACCEPT
> - iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
> - iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
>
>
> Ok, how can I make this redirect for specific hosts?
>
>
> Thanks,
>
> Regards,
>
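The namespace approach from the reply at the top of this thread, written out as an added example that is not part of the original messages. It prints the commands by default and runs them only with APPLY=1 as root. Assumed here: the namespace name, the veth names, the 10.200.0.0/30 link network, the two LAN host addresses, routing table 100, the config path, and an OpenVPN server that pushes the default route (so no --route-nopull inside the namespace).

```shell
#!/bin/sh
# Added example: dry-run by default; APPLY=1 (as root) executes the commands.
# Everything below except eth0 is an assumption chosen for illustration.
NS=vpn; WAN=eth0
HOST_IP=10.200.0.1; NS_IP=10.200.0.2           # arbitrary /30 on the veth pair
VPN_HOSTS="192.168.2.50 192.168.2.51"          # constructed: LAN hosts sent via VPN
TABLE=100; OVPN_CONF=/etc/openvpn/client.conf  # assumed table id and config path

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }
nsx() { run ip netns exec "$NS" "$@"; }        # run a command inside the namespace

setup_namespace() {
    run ip netns add "$NS"
    run ip link add veth-host type veth peer name veth-vpn
    run ip link set veth-vpn netns "$NS"
    run ip addr add "$HOST_IP/30" dev veth-host
    run ip link set veth-host up
    run ip -n "$NS" addr add "$NS_IP/30" dev veth-vpn
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set veth-vpn up
    # OpenVPN's own packets reach the server through the host router.
    run ip -n "$NS" route add default via "$HOST_IP"
    nsx sysctl -w net.ipv4.ip_forward=1
    # Fail closed: forwarded LAN traffic may only leave through the tunnel,
    # so it is dropped (not sent back out the WAN) while tun0 is down.
    nsx iptables -P FORWARD DROP
    nsx iptables -A FORWARD -i veth-vpn -o tun+ -j ACCEPT
    nsx iptables -A FORWARD -i tun+ -o veth-vpn -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    nsx iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
    # Host side: NAT the namespace's tunnel packets out of the WAN interface and
    # use loose reverse-path filtering so replies arriving on veth-host are kept.
    run iptables -t nat -A POSTROUTING -s "$NS_IP" -o "$WAN" -j MASQUERADE
    run sysctl -w net.ipv4.conf.veth-host.rp_filter=2
}

route_hosts() {   # policy routing on the host: only the listed sources use the VPN
    run ip route add default via "$NS_IP" dev veth-host table "$TABLE"
    for h in $VPN_HOSTS; do run ip rule add from "$h" lookup "$TABLE"; done
}

start_vpn() {
    nsx openvpn --config "$OVPN_CONF" --daemon
}

if [ "${1:-}" = all ]; then setup_namespace; route_hosts; start_vpn; fi
```

If the host's FORWARD policy is DROP, it also needs ACCEPT rules for traffic between eth1 and veth-host and from veth-host to eth0.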