Pomo as OpenVPN server

From Tech
Revision as of 22:46, 24 December 2012 by Joosteto (talk | contribs)
Jump to navigationJump to search


For iptables, I'm using this /etc/init.d/iptables script: 

#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin
EXT=eth0
INT=tun1
#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X


case $1 in
  start|restart)
    # Always accept loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    
    
    # Allow established connections, and those not coming from the outside
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW ! -i  $EXT -j ACCEPT
    iptables -A FORWARD -i $EXT -o $INT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # Allow outgoing connections from the LAN side.
    iptables -A FORWARD -i $INT -o $EXT -j ACCEPT
    
    # Masquerade.
    iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE
    
    # Don't forward from the outside to the inside.
    iptables -A FORWARD -i $EXT -o $EXT -j REJECT
    
    # Enable routing.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ;;
  stop)
    echo 0 > /proc/sys/net/ipv4/ip_forward
    ;;
esac
Retrieved from "http://tech.komputilo.org/index.php?title=Pomo_as_OpenVPN_server&oldid=42"