Configure iptables on Linux Router Box to pass VPN Trafic

[smad]

Hi,

I am getting stuck to configure a linux box in front on the Untangle to passmy VPN Traffix

My Config :

Internet traffic 1 for VPN --| Linux Router|
Internet 2 Web, and other --| with Iptable |--| Untangle Box |--|My Network

I configure VPN Server on my Untangle Box, and I want to forward the traffix from my Internet Connection 1 to Untangle with a masq from the Public ip 1, but without success :-(
Details Config :
Eth0 (internet Connection 1) Public IP : 203.X.X.58/29
Eth1 (Connect to Untangle) : 10.0.0.1/24
Eth 2 (connection Internet 2)

Untangle : IP 10.0.0.2/24

Iptables Rules for VPN on my Linux Box

Code:

echo "autorise port 1194"
iptables -A INPUT -i eth0  -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --sport 1194 -j ACCEPT

# Translate VPN data (port 1194) to Untangle 
echo "Nat Translation for VPN "
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1194 -j DNAT --to 10.0.0.2
iptables -t nat -A POSTROUTING -o eth0 -p udp --sport 1194 -j SNAT --to 203.X.X.58

If I do telnet from a vpn client to telnet 203.X.X.58 1194 : I have no reply :-(

Thanks for your help.

[smad]

Ok so writting it, sleeping on it, and i finaly find it :-)

I forget the forward. So final command is :

Code:

echo " [Rule for VPN]"
# Accept data from Internet on eth0 from port 1194
echo "autorise port 1194"
iptables -A INPUT -i eth0  -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --sport 1194 -j ACCEPT
# Translate VPN data (port 1194) to Untangle 
echo "Nat Translation for VPN to St Yusuf"
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1194 -j DNAT --to 10.0.0.2
iptables -t nat -A POSTROUTING -o eth0 -p udp --sport 1194 -j SNAT --to 203.X.X.58
# Forward VPN Traffic from Internet to Untanlge
echo "Forward VPN port 1194 to untangle"
iptables -A FORWARD -p udp -s 0/0 --destination-port 1194  -j ACCEPT

[igpf]

I'm not entirely sure, but I think i have the same issue.. unfortunately i haven't resolved it.

I have setup the openvpn to export hosts...
when the client connects to the openvpn , everything seems to work fine. however, i can't view the shares on the network... i can't ping the addresses either. I can however remote desktop into a specific machine from the host network.

any ideas on how to make it view the shares and ping and all the other good things?

[dmorris]

I'm not entirely sure, but I think i have the same issue.. unfortunately i haven't resolved it.

I have setup the openvpn to export hosts...
when the client connects to the openvpn , everything seems to work fine. however, i can't view the shares on the network... i can't ping the addresses either. I can however remote desktop into a specific machine from the host network.

any ideas on how to make it view the shares and ping and all the other good things?

He's talking about configuring port forwarding on a linux router *in front of* the untangle server.

check the routing table on your connected hosts. check that your address pool doesn't overlap your current network, and that whatever you're trying to connect to is exported.
test with IPs - not hostnames.

[sky-knight]

And don't forget that your LAN clients will be using the router as their gateway not the UT server. So if you want the LAN clients to be able to communicate with the OpenVPN cloud you need to configure a route in the router that moves the cloud's range to the UT server for routing. Otherwise the VPN will come up but the local computers don't have a route to that network.

[igpf]

Thanks guys. But as it turns out, I was blocking the Samba/SMB protocol in the "Protocols" section. My samba shares are alive!!!

Thanks again.