Tue, 22 Dec 2009
poptop and iptables rules for nat
After setting up an instance of poptop vpn it was clearly necessary to nat traffic through the vpn. I used the following to route traffic coming in from the ppp interface onto the local network interface.
iptables -A FORWARD -i ppp+ -o eth1 -m state --state NEW -j ACCEPT -s 192.168.30.0/24
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
I'm not certain if it actually helps, but I do have ip forwarding enabled in the kernel as well:
echo "1" > /proc/sys/net/ipv4/ip_forward
Then, to enable it permanently, set the following in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
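The POSTROUTING rule above has no source or outbound-interface match, so it masquerades every packet the box forwards or sends, not only VPN client traffic. As an added example (not part of the original post), this shell function audits `iptables-save` output for such unscoped MASQUERADE rules; both sample rulesets are constructed, and limiting the rule to the post's 192.168.30.0/24 and eth1 is an assumption about the intended scope.

```shell
# Added example, not from the original post. Sample rulesets are constructed.

# Reads iptables-save output on stdin. Prints every nat/POSTROUTING MASQUERADE
# rule that has neither a source match nor an outbound interface, and
# returns 1 if any such rule exists (0 otherwise).
find_unscoped_masquerade() {
    awk '
        /^\*/ { table = substr($1, 2) }   # "*nat" or "*filter" opens a table
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            masq = src = out = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-o" || $i == "--out-interface") out = 1
            }
            if (masq && !src && !out) { print; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the post's rules as iptables-save would list them.
AS_POSTED='*filter
-A FORWARD -s 192.168.30.0/24 -i ppp+ -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -j MASQUERADE
COMMIT'

# Constructed sample (assumed intent): NAT only VPN clients leaving via eth1.
SCOPED='*nat
-A POSTROUTING -s 192.168.30.0/24 -o eth1 -j MASQUERADE
COMMIT'

printf '%s\n' "$AS_POSTED" | find_unscoped_masquerade || echo "unscoped MASQUERADE found"
printf '%s\n' "$SCOPED" | find_unscoped_masquerade && echo "scoped ruleset: ok"
```

On a live host the same check is `iptables-save | find_unscoped_masquerade`, run as root.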
posted at: 19:39 | Tags pptp iptables nat vpn | path: /sysadmin



