openvpn, tun, ipmasq & iptables.
Mumia Paduille & others,
mp> ... iptables ... might go something like this ...
Thanks! This is my instance, not yet tested.
#=========
# Configuration of iptables at either end of an openvpn tunnel
# configured to use port 4122. Packets entering the tunnel
# are redirected to port 22, which is shared with ssh. Packets
# exiting the tunnel are redirected back to 4122.
# <tunnel> is 10.4.0.1 on one end and 10.4.0.2 on the other.
#
# Outgoing packets converge onto port 22.
iptables -t nat -A POSTROUTING -p tcp -s <tunnel> --sport 4122 -j REDIRECT --to-port 22
#
# Incoming packets diverge according to the source address.
# Packets from <tunnel> go to 4122. All other port 22 packets
# are undisturbed.
iptables -t nat -A PREROUTING -p tcp -s <tunnel> --sport 22 -j REDIRECT --to-port 4122
#=========
Does that seem reasonable?
My remaining concerns involve interactions of openvpn, tun,
ipmasq & iptables.
- Should I remove ipmasq and try to achieve LAN routing
with iptables, as explained under Routing in man openvpn?
Or is routing best left to ipmasq?
- Where does tun operate? Does it use iptables? Does it work
independently between routing and the interface?
- Will iptables recognize the tunnel address in the rules above?
I am trying to resolve some of the questions before spending
hours with trial and error. Thanks for any answers, comments
and suggestions, ... Peter E.
Desktops.OpenDoc http://carnot.yi.org/
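Added example, not part of Peter's post: a small script that generates the nat-table rule the scheme above actually needs on the receiving end, assuming the VPN interface is tun0 and the peer is the 10.4.0.2 address from the post (both are configurable through environment variables). Two points of iptables behaviour shape it. REDIRECT is only accepted in the nat table's PREROUTING and OUTPUT chains, so the POSTROUTING rule in the post will be rejected when loaded; and REDIRECT rewrites the destination port of a packet, so the match has to be on --dport, not --sport. Because connection tracking reverses the translation on reply packets automatically, no second rule for the return direction is required. The filter rule is written against port 22 because INPUT sees the packet after the nat PREROUTING rewrite. iptables will accept a rule naming the tunnel address whether or not the tunnel is up; matching on the interface with -i additionally guarantees the rule only applies to packets that really arrived through openvpn.

```shell
#!/bin/sh
# Added example (not from the original post). Generate, and optionally apply,
# the iptables rules that expose the local sshd (port 22) on port 4122 only to
# the peer on the other end of the openvpn tunnel.
#
# Assumptions (labelled, not from the post): the tun interface is tun0, and
# the peer's tunnel address is 10.4.0.2 when run on the 10.4.0.1 end.
TUN_IF="${TUN_IF:-tun0}"          # assumed interface name
PEER="${PEER:-10.4.0.2}"          # assumed peer tunnel address
OUTER_PORT="${OUTER_PORT:-4122}"  # port the peer connects to over the tunnel
SSH_PORT="${SSH_PORT:-22}"        # port sshd actually listens on

# Print the rules for the receiving end. REDIRECT is valid only in the nat
# table's PREROUTING and OUTPUT chains and changes the *destination* port,
# so the match is on --dport. Conntrack undoes the rewrite on replies, so
# nothing is needed for the return direction.
ssh_tunnel_rules() {
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport %s -j REDIRECT --to-port %s\n' \
        "$TUN_IF" "$PEER" "$OUTER_PORT" "$SSH_PORT"
    # The filter table sees the packet after NAT, i.e. with dport 22 already,
    # and accepting it only from the tunnel keeps 4122 unreachable elsewhere.
    printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' \
        "$TUN_IF" "$PEER" "$SSH_PORT"
}

# Sanity check a generated rule set: no REDIRECT outside PREROUTING/OUTPUT.
# Returns 0 when every REDIRECT line is in an allowed chain, 1 otherwise.
check_redirect_chains() {
    printf '%s\n' "$1" | grep -- '-j REDIRECT' | grep -qvE -- '-A (PREROUTING|OUTPUT) ' \
        && return 1
    return 0
}

RULES="$(ssh_tunnel_rules)"
if [ "${APPLY:-0}" = "1" ]; then
    # Apply for real (needs root); each generated line is one iptables call.
    printf '%s\n' "$RULES" | sh -e
else
    # Default: print the rules so they can be reviewed before loading.
    printf '%s\n' "$RULES"
fi
```

Run it as-is to review the rules, or with APPLY=1 (as root) to load them; on the 10.4.0.2 end set PEER=10.4.0.1. check_redirect_chains demonstrates the chain constraint: fed the post's POSTROUTING rule it reports a problem, fed the generated set it passes.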
Received on Mon Nov 12 02:35:11 2007