iptables nat issue

Marco Catunda marco.catunda at gmail.com
Fri May 23 22:45:52 UTC 2008


Hi,

I don't know if this is the best mailing list for iptables issues, but I
didn't find any other.

I have the following situation:

HOME MACHINE   -  OFFICE MACHINE  -  SERVER MACHINE

I would like to connect to the server machine through a VPN between HOME
and OFFICE, so I set up the VPN with the following configuration:

HOME MACHINE (Server VPN):
dev tun0
ifconfig 192.168.90.1 192.168.90.2
secret /etc/openvpn/home.key
proto tcp-server
port 30555
keepalive 10 60
ping-timer-rem
#persist-key
#persist-tun
comp-lzo

OFFICE MACHINE (Client VPN):
remote <dyndns ip to home machine>
dev tun0
proto tcp-client
port 30555
ifconfig 192.168.90.2 192.168.90.1
secret /etc/openvpn/office.key
keepalive 10 60
resolv-retry 30
ping-timer-rem
#persist-key
#persist-tun
comp-lzo

The VPN tunnel works perfectly well. I am able to connect to the OFFICE
MACHINE without any problem, so the next step is to set up iptables to
deal with all packets coming in through the VPN tunnel and going to the
internal network using the OFFICE MACHINE IP as source, not the HOME IP
(NAT). I have to do it because of the firewalls between the OFFICE
MACHINE and the SERVER MACHINE.

I've used the following rule:

iptables -t nat -A POSTROUTING -s 192.168.90.0/255.255.255.0 -o eth0 -j SNAT --to-source <OFFICE IP>

I can't figure out why this does not work. The packets arrive at the
SERVER MACHINE (I could see them using tcpdump), and the SERVER MACHINE
replies. The reply packet arrives at the OFFICE MACHINE, but it isn't
forwarded to the tun0 device; therefore, the HOME MACHINE doesn't
receive the reply packet.

The same thing happens with the following rule:

iptables -t nat -A POSTROUTING -s 192.168.90.0/24 -o eth0 -j MASQUERADE

What am I missing?

Thanks
-- 
Marco Catunda
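For reference, the complete set of conditions a Linux box needs before a reply coming in on eth0 is forwarded back into tun0, as an added example that is not code from the post above. It assumes the addressing from the post (tun0 carrying 192.168.90.0/24, eth0 facing the office network); the office IP is passed in as an argument, and 203.0.113.10 is a placeholder from the RFC 5737 documentation range, not a real address. The ruleset is emitted as text first so it can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not code from the original post. It collects the three things
# a Linux router needs before reply packets from eth0 come back into tun0:
#   1. IP forwarding enabled in the kernel,
#   2. a POSTROUTING SNAT rule in the nat table (note the -t nat),
#   3. FORWARD rules that accept both directions of the connection, so the
#      de-NATed reply is not dropped by a restrictive FORWARD policy.
# Assumptions: tun0 carries 192.168.90.0/24 (as in the post), eth0 faces the
# office network, and the office IP is passed as an argument. 203.0.113.10 is
# a placeholder from the RFC 5737 documentation range, not a real address.

VPN_NET="192.168.90.0/24"
VPN_IF="tun0"
LAN_IF="eth0"

# Emit the commands one per line without executing them, so the ruleset can be
# reviewed (and tested) before it is applied to a live firewall.
nat_ruleset() {
    office_ip="$1"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -j SNAT --to-source $office_ip
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Run the emitted commands (needs root). Stops at the first failure.
apply_nat_ruleset() {
    nat_ruleset "$1" | while IFS= read -r cmd; do
        printf '+ %s\n' "$cmd"
        sh -c "$cmd" || exit 1
    done
}

# Read-only view of the state that decides whether a reply is forwarded back:
# the ip_forward sysctl, the nat POSTROUTING chain and the FORWARD chain with
# packet counters, so you can see which rule (if any) the reply hits.
show_forward_state() {
    printf 'net.ipv4.ip_forward=%s\n' \
        "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)"
    iptables -t nat -L POSTROUTING -v -n 2>/dev/null || echo "(nat table listing needs root)"
    iptables -L FORWARD -v -n 2>/dev/null || echo "(FORWARD listing needs root)"
}

case "${1:-}" in
    apply) apply_nat_ruleset "${2:?office IP required}" ;;
    show)  show_forward_state ;;
    *)     nat_ruleset "${2:-203.0.113.10}" ;;   # dry run by default
esac
```

Run it with no arguments to see the ruleset, `show` to inspect the current kernel and firewall state, and `apply <office-ip>` as root to install it. The FORWARD rules are deliberately narrow: only connections originating from the tunnel network may open new sessions towards eth0, and eth0 may only send back packets that conntrack already associates with such a session; tighten the first rule further (a destination host and port) if the server is the only thing the tunnel needs to reach.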


More information about the ubuntu-users mailing list