#1
Hi, I've got an openVPN server up and running with a client connected
but what iptables commands do I have to run to forward IP traffic
between tun0 and eth0?

ifconfig produces this:

    eth0      Link encap:Ethernet  HWaddr 00:D0:09:57:34:AE
              inet addr:192.168.2.10  Bcast:192.168.2.255  Mask:255.255.255.0
              inet6 addr: fe80::2d0:9ff:fe57:34ae/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:43127003 errors:0 dropped:0 overruns:0 frame:0
              TX packets:48964901 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:3661645438 (3.4 GiB)  TX bytes:3251375468 (3.0 GiB)
              Interrupt:10 Base address:0xe000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:6055 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6055 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4412334 (4.2 MiB)  TX bytes:4412334 (4.2 MiB)

    tun0      Link encap:UNSPEC  HWaddr ED-FE-3B-F3-68-00-F4-1F-00-00-00-00-00-00-00-00
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 b)  TX bytes:40 (40.0 b)

iptables -L produces this:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

I can ping 10.8.0.1 from the openVPN client with no problems but I
can't ping 192.168.2.10. What am I missing here????

Thanks in advance,

Shawn

Shawn Wilson
#2
On Tue, 22 Mar 2005 07:41:01 -0800, Shawn Wilson wrote:

> Hi, I've got an openVPN server up and running with a client connected
> but what iptables commands do I have to run to forward IP traffic
> between tun0 and eth0?

If you simply want to link/merge both interfaces, take a look at the
Bridging howto at openvpn.sf.net. This won't be a solution with iptables.

Possible solutions with iptables would be masquerading, SNAT or DNAT
(Native Address Translation), but this would alter the packet's addresses
and possibly isn't what you want.

> Thanks in advance,
>
> Shawn
#3
What if this tun0 was just another ethernet card, say eth1, how do you
make linux route between eth0 and eth1 (absolutely no filtering,
masquerading, NAT, etc. whatsoever - straight plain jane routing)?

Matthias Degenkolb <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> On Tue, 22 Mar 2005 07:41:01 -0800, Shawn Wilson wrote:
>
> > Hi, I've got an openVPN server up and running with a client connected
> > but what iptables commands do I have to run to forward IP traffic
> > between tun0 and eth0?
>
> If you simply want to link/merge both interfaces, take a look at the
> Bridging howto at openvpn.sf.net . This won't be a solution with iptables.
>
> Possible solutions with iptables would be masquerading, SNAT or DNAT
> (Native Address Translation), but this would alter the packet's addresses
> and possibly isn't what you want.
>
> > Thanks in advance,
> >
> > Shawn
#4
Shawn Wilson wrote:
> What if this tun0 was just another ethernet card, say eth1, how do you
> make linux route between eth0 and eth1 (absolutely no filtering,
> masquerading, NAT, etc. whatsoever - straight plain jane routing)?
>

Just activate forwarding:

    echo 1 > /proc/sys/net/ipv4/ip_forward

and on your client define the gw as your Linux box.

But if you have other routers in your network, they must know about the
network routed by your Linux box.

--
Weill Philippe - System and Network Administrator
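Added example, not part of the thread: a shell sketch that checks the three conditions named in the last reply (forwarding enabled on the VPN server, a route on the client, and a return route on the LAN side) against `ip route`-style text. The routing tables are constructed samples; the 10.8.0.0/24 VPN subnet, `LAN_HOST`, `VPN_CLIENT` and all function names are assumptions.

```sh
# Added example, not from the thread. Routing tables are constructed samples;
# the 10.8.0.0/24 VPN subnet, LAN_HOST and VPN_CLIENT are assumptions.
SERVER_LAN=192.168.2.10   # eth0 of the VPN server (from the thread)
LAN_HOST=192.168.2.50     # hypothetical machine on the LAN
VPN_CLIENT=10.8.0.6       # hypothetical tunnel address of the client

ip2int() {                # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
in_cidr() {               # is address $1 inside prefix $2 (a.b.c.d[/len])?
    bits=${2#*/}; [ "$bits" = "$2" ] && bits=32
    mask=0; [ "$bits" -gt 0 ] && mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    a=$(ip2int "$1"); n=$(ip2int "${2%/*}")
    [ $(( $a & $mask )) -eq $(( $n & $mask )) ]
}
route_for() {             # longest-prefix match of $1 in "ip route"-style text $2
    printf '%s\n' "$2" | {
        best=-1; hit=
        while read -r dst rest; do
            [ -n "$dst" ] || continue
            [ "$dst" = default ] && dst=0.0.0.0/0
            len=${dst#*/}; [ "$len" = "$dst" ] && len=32
            if [ "$len" -gt "$best" ] && in_cidr "$1" "$dst"; then
                best=$len; hit="$dst $rest"
            fi
        done
        echo "$hit"
    }
}
diagnose() {              # $1 server ip_forward, $2 client table, $3 LAN host table
    [ "$1" = 1 ] || { echo "ip_forward is off on the VPN server"; return 0; }
    case $(route_for "$LAN_HOST" "$2") in
        *"dev tun0"*) ;;
        *) echo "client does not route the LAN through tun0"; return 0 ;;
    esac
    case $(route_for "$VPN_CLIENT" "$3") in
        *"via $SERVER_LAN "*) ;;
        *) echo "LAN host has no return route via $SERVER_LAN"; return 0 ;;
    esac
    echo ok
}

# Constructed case: forwarding is on, but the LAN host only knows its default router.
CLIENT='default via 192.168.1.1 dev eth0
192.168.2.0/24 via 10.8.0.1 dev tun0'
LAN='default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0'
diagnose 1 "$CLIENT" "$LAN"
```

On a live system the first argument would be the contents of /proc/sys/net/ipv4/ip_forward on the VPN server, and the tables the output of `ip route` on the client and on a LAN machine.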