On Sun, Sep 20, 2015 at 03:13:18PM -0400, Simon Deziel wrote:
> If I were to hop by an intermediary server, I'd probably try to do with
> NAT+forward only. Here is an untested IPtables version for the
> intermediary/relay server:
>
>  iptables -t nat -A PREROUTING -s $STATIC_HOME_IP -p udp --dport 1194 \
>    -j DNAT --to my-openvpn-box
>  iptables -A FORWARD -s $STATIC_HOME_IP -d my-openvpn-box -p udp \
>    --dport 1194 -j ACCEPT
>  iptables -t nat -A POSTROUTING -d my-openvpn-box -p udp --dport 1194 \
>    -j MASQUERADE

This indeed and surprisingly works. Here are the ferm rules:

table filter {
    chain INPUT {
        policy ACCEPT;
    }
    chain OUTPUT {
        policy ACCEPT;
    }
    chain FORWARD {
        policy ACCEPT;
    }
}
table nat {
    chain PREROUTING {
        protocol udp dport 1194 DNAT to "my-openvpn-box:1194";
    }
    chain POSTROUTING {
        protocol udp dport 1194 daddr my-openvpn-box MASQUERADE;
    }
}

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
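
Added example (not from either poster): a ferm configuration that carries over the source-address restriction and the explicit FORWARD rule from the quoted iptables version, with the FORWARD policy set to DROP so that only the relayed OpenVPN flow passes. The two addresses are constructed placeholders from documentation ranges, and the conntrack rule for return traffic is an addition that the DROP policy requires.

```ferm
# Constructed placeholder addresses (documentation ranges); replace with real ones.
@def $STATIC_HOME_IP = 203.0.113.10;   # the only client allowed to use the relay
@def $OPENVPN_BOX    = 198.51.100.20;  # the OpenVPN server behind the relay

table filter {
    chain FORWARD {
        policy DROP;
        # Return traffic of flows that were accepted by the rule below.
        mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
        # New flows: only the home address to the OpenVPN port.
        saddr $STATIC_HOME_IP daddr $OPENVPN_BOX proto udp dport 1194 ACCEPT;
    }
}

table nat {
    chain PREROUTING {
        # Redirect only packets from the home address; the port is unchanged.
        saddr $STATIC_HOME_IP proto udp dport 1194 DNAT to $OPENVPN_BOX;
    }
    chain POSTROUTING {
        # Rewrite the source so the OpenVPN box sends its replies via the relay.
        daddr $OPENVPN_BOX proto udp dport 1194 MASQUERADE;
    }
}
```

The relay also needs IPv4 forwarding enabled (net.ipv4.ip_forward=1) for either rule set to pass traffic.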