Hi. I am rather new to iptables.
I have set up the following rules for one of the OpenVPN interfaces, but I randomly end up with a "Connected (Local: nn.nn.nn.nn - Public: unknown)" interface message on that vpn, and I understand this is mostly due to some iptables conflicts.
Code:
# LAN (br0) <-> VPN tunnel (tun14) forwarding in both directions
iptables -I FORWARD -i br0 -o tun14 -j ACCEPT
iptables -I FORWARD -i tun14 -o br0 -j ACCEPT
# Kill switch: LAN traffic must not leave through the WAN interface (vlan1)
iptables -I FORWARD -i br0 -o vlan1 -j DROP
# The router itself is unreachable from the tunnel
iptables -I INPUT -i tun14 -j REJECT
# Source NAT for LAN traffic leaving through the tunnel
iptables -t nat -A POSTROUTING -o tun14 -j MASQUERADE
# Port forwards from the tunnel to 192.168.1.100, tcp and udp for each port:
# a FORWARD ACCEPT plus a PREROUTING DNAT per port/protocol
iptables -I FORWARD -i tun14 -p udp -d 192.168.1.100 --dport 16881 -j ACCEPT
iptables -I FORWARD -i tun14 -p tcp -d 192.168.1.100 --dport 16881 -j ACCEPT
iptables -t nat -I PREROUTING -i tun14 -p tcp --dport 16881 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun14 -p udp --dport 16881 -j DNAT --to-destination 192.168.1.100
iptables -I FORWARD -i tun14 -p udp -d 192.168.1.100 --dport 5672 -j ACCEPT
iptables -I FORWARD -i tun14 -p tcp -d 192.168.1.100 --dport 5672 -j ACCEPT
iptables -t nat -I PREROUTING -i tun14 -p tcp --dport 5672 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun14 -p udp --dport 5672 -j DNAT --to-destination 192.168.1.100
iptables -I FORWARD -i tun14 -p udp -d 192.168.1.100 --dport 5662 -j ACCEPT
iptables -I FORWARD -i tun14 -p tcp -d 192.168.1.100 --dport 5662 -j ACCEPT
iptables -t nat -I PREROUTING -i tun14 -p tcp --dport 5662 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun14 -p udp --dport 5662 -j DNAT --to-destination 192.168.1.100
iptables -I FORWARD -i tun14 -p udp -d 192.168.1.100 --dport 5665 -j ACCEPT
iptables -I FORWARD -i tun14 -p tcp -d 192.168.1.100 --dport 5665 -j ACCEPT
iptables -t nat -I PREROUTING -i tun14 -p tcp --dport 5665 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun14 -p udp --dport 5665 -j DNAT --to-destination 192.168.1.100
iptables -I FORWARD -i tun14 -p udp -d 192.168.1.100 --dport 6881 -j ACCEPT
iptables -I FORWARD -i tun14 -p tcp -d 192.168.1.100 --dport 6881 -j ACCEPT
iptables -t nat -I PREROUTING -i tun14 -p tcp --dport 6881 -j DNAT --to-destination 192.168.1.100
iptables -t nat -I PREROUTING -i tun14 -p udp --dport 6881 -j DNAT --to-destination 192.168.1.100
So here's a few questions:
1. I currently set these rules on the "nat-start" file. Is this wrong (I read on the internet about using an "iptables-save and iptables-restore" method)?
2. I am also using "x3mRouting" at the same time, is this ok?
3. Can I use the above rules in conjunction with Merlin's "WAN - Virtual Server / Port Forwarding" or not?
- 3.1 With different ports on the same device (192.168.1.100)?
- 3.2 With different ports on other 192.168.1.nn devices?
I am pretty sure I am messing something up and I'd appreciate some suggestions!
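An added example (not code from the post, Merlin or x3mRouting) of a nat-start script that builds the same rule set from one port list, checks each rule with `iptables -C` before inserting so the script can be re-run every time the firewall restarts without stacking duplicate rules, and replaces the blanket tun14 -> br0 ACCEPT with a state match so only the forwarded ports and reply traffic reach the LAN. tun14, br0, 192.168.1.100 and the ports come from the post; WAN=vlan1, the script path and the function names are assumptions.

```shell
#!/bin/sh
# /jffs/scripts/nat-start (hypothetical path, added example): rebuilds the VPN
# port-forwarding rules idempotently. tun14, br0, 192.168.1.100 and the port
# list come from the post; WAN=vlan1 and the helper names are assumptions.
TUN="tun14"
LAN="br0"
WAN="vlan1"                      # assumed; confirm with: nvram get wan0_ifname
HOST="192.168.1.100"
PORTS="16881 5672 5662 5665 6881"

# Insert a rule only if an identical one is not already present (-C checks).
# nat-start is re-run on every firewall restart, so a plain -I would add copies.
add_rule() {
  table="$1"; shift
  "${IPTABLES:-iptables}" -t "$table" -C "$@" 2>/dev/null \
    || "${IPTABLES:-iptables}" -t "$table" -I "$@"
}

apply_vpn_rules() {
  # LAN may open connections into the tunnel; only replies come back freely.
  add_rule filter FORWARD -i "$LAN" -o "$TUN" -j ACCEPT
  add_rule filter FORWARD -i "$TUN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Nothing arriving from the tunnel may talk to the router itself.
  add_rule filter INPUT -i "$TUN" -j REJECT
  # Kill switch: LAN clients must not fall back to the WAN if the tunnel drops.
  add_rule filter FORWARD -i "$LAN" -o "$WAN" -j DROP
  # Source NAT for LAN traffic leaving through the tunnel.
  add_rule nat POSTROUTING -o "$TUN" -j MASQUERADE
  # Only the listed ports are DNATed and accepted as new connections from tun14.
  for port in $PORTS; do
    for proto in tcp udp; do
      add_rule nat PREROUTING -i "$TUN" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$HOST"
      add_rule filter FORWARD -i "$TUN" -o "$LAN" -p "$proto" -d "$HOST" \
        --dport "$port" -j ACCEPT
    done
  done
}

# Apply only when installed as nat-start; IPTABLES=echo previews the commands.
case "$0" in *nat-start) apply_vpn_rules ;; esac
```

Running `IPTABLES=echo sh nat-start` prints the exact iptables commands without touching the firewall, which is a quick way to compare them against `iptables-save` output.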