On 1/04/20 1:42 am, Ranjan Maitra wrote:
On Tue, 31 Mar 2020 19:41:58 +1300 Peter <pe...@pajamian.dhs.org> wrote:

On 31/03/20 5:42 pm, Bob Proulx wrote:
The "$vpn" part is a variable that was simply a placeholder for the IP
address of your VPN connected relayhost.  It would be an IP address
like 93.184.216.34 but put in the IP address of your relay host that
is only accessible when the VPN is up.

    iptables -A OUTPUT -o 93.184.216.34 -m tcp --dport 25 -j ACCEPT
    iptables -A OUTPUT -m tcp --dport 25 -j REJECT

But replace 93.184.216.34 with the IP address of your VPN relay host.
I simply used an actual address in order to clarify the example.

Actually it's an interface name (such as tun0), not an IP address:


    [!] -o, --out-interface name
        Name of an interface via which a packet is going to be sent (for
        packets entering the FORWARD, OUTPUT and POSTROUTING chains). When
        the "!" argument is used before the interface name, the sense is
        inverted. If the interface name ends in a "+", then any interface
        which begins with this name will match. If this option is omitted,
        any interface name will match.


Hi,

Thanks very much! My VPN interface is called cscotun0 so I use:

$ sudo iptables -A OUTPUT -o cscotun0  -m tcp --dport 25 -j ACCEPT
iptables: Invalid argument. Run `dmesg' for more information.

It should be -p tcp not -m tcp.

I run dmesg but I am not sure what to find there.

Look for an error from ip_tables towards the end of the messages.


Peter
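
The two corrections made in this thread (`-o` takes an interface name, and `--dport` needs `-p tcp`), combined into one rule generator; this is an added example, not part of any poster's message. The function name `smtp_vpn_rules` and its conservative character whitelist are assumptions of the example.

```shell
#!/bin/sh
# Added example: print the two OUTPUT rules from the thread in corrected form.
# Usage: smtp_vpn_rules IFACE   (e.g. tun0 or cscotun0; "tun+" is a prefix match)
# Returns 1 without printing rules if IFACE cannot be an interface name.

smtp_vpn_rules() {
    iface=$1

    case $iface in
        '')
            echo "error: interface name required" >&2
            return 1 ;;
        *[!A-Za-z0-9_.+-]*)
            # Assumption: restrict to a conservative character set.
            echo "error: unexpected character in interface name" >&2
            return 1 ;;
    esac

    # The first mistake in the thread: passing an IP address to -o.
    if printf '%s\n' "$iface" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo "error: -o takes an interface name (e.g. tun0), not an IP address" >&2
        return 1
    fi

    # Linux interface names are at most 15 characters (IFNAMSIZ - 1).
    if [ "${#iface}" -gt 15 ]; then
        echo "error: interface name longer than 15 characters" >&2
        return 1
    fi

    # The second mistake: "-m tcp" alone is rejected; the protocol must be
    # selected with "-p tcp" before --dport can be used.
    # Order matters with -A (append): ACCEPT for the VPN interface first,
    # then REJECT for port 25 on every other interface.
    # Note: the REJECT rule also covers the loopback interface, so local
    # clients that connect to 127.0.0.1:25 are rejected as well.
    printf 'iptables -A OUTPUT -o %s -p tcp --dport 25 -j ACCEPT\n' "$iface"
    printf 'iptables -A OUTPUT -p tcp --dport 25 -j REJECT\n'
}

# When run as a script with an argument, print the rules for review.
if [ "$#" -gt 0 ]; then
    smtp_vpn_rules "$1"
fi
```

The script only prints the commands; review the output, then run the commands as root.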
