Linux – Port forward + openVPN + iptables

I am trying to share vpn connection between my network without any luck.

I do have an office with Several PC's and we share the internet connection using iptables and our DNS server we also have Mail and FTP Server. Our ISP keep changing there rules and they start blocking some port like 25, 21 and 143. so the best solution i could think of is to use vpn service with a static ip address to use instead of my ISP ip address.

I do need all my computers in my local network to be using the VPN ip address and not my ISP ip address.

My network infrastructure is like this:

Main DNS server with 2 NIC's: /etc/network/interfaces

auto lo eth0 eth1
iface lo inet loopback

#internet 
iface eth0 inet static
    address 10.0.0.2 # dsl modem
    netmask 255.255.255.192
    gateway 10.0.0.1        
#local
iface eth1 inet static
    address 10.0.1.1 # local network
    netmask 255.255.255.240

Mail server /etc/network/interfaces

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
    iface eth0 inet static
        address 10.0.1.3
        netmask 255.255.255.240
        gateway 10.0.1.1


/etc/resolv.conf
nameserver 10.0.1.1

Other clients on local network

address 10.0.1.x  
netmask 255.255.255.240
gateway 10.0.1.1
nameserver     10.0.1.1

I found a way to share the vpn connection using this:

#Disable Firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT


WAN=eth0
VPN=tun0
LAN=eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --append FORWARD --in-interface $LAN -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface $VPN -j MASQUERADE[/CODE]

with this all computers on my network have internet using the vpn ip address.

what i need is to port forward some ports:

53 coming from the internet to 10.0.1.1
80 coming from the internet to 10.0.1.2
110 coming from the internet to 10.0.1.3
143 coming from the internet to 10.0.1.3
25 coming from the internet to 10.0.1.3

iptables -L -v

Chain INPUT (policy ACCEPT 107K packets, 53M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 93343 packets, 45M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 117K   18M ACCEPT     all  --  eth1   any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 131K packets, 27M bytes)
 pkts bytes target     prot opt in     out     source               destination

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
174.37.222.38   10.0.0.1        255.255.255.255 UGH   0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.240 U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.192 U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun0
0.0.0.0         10.10.11.1      128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.10.11.1      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:30:4f:1c:49:f8  
          inet addr:10.0.0.2  Bcast:10.0.0.63  Mask:255.255.255.192
          inet6 addr: fe80::230:4fff:fe1c:49f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:107511 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129620 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:56746295 (56.7 MB)  TX bytes:29161617 (29.1 MB)
          Interrupt:11 Base address:0xc000 

eth1      Link encap:Ethernet  HWaddr 00:08:54:41:42:88  
          inet addr:10.0.1.1  Bcast:10.0.1.15  Mask:255.255.255.240
          inet6 addr: fe80::208:54ff:fe41:4288/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:132276 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105899 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:22646823 (22.6 MB)  TX bytes:50537547 (50.5 MB)
          Interrupt:10 Base address:0xc400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1501 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1501 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:192540 (192.5 KB)  TX bytes:192540 (192.5 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.204.139.115  P-t-P:10.204.139.115  Mask:255.0.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:101518 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:46913004 (46.9 MB)  TX bytes:19594649 (19.5 MB)

Linux – Port forward + openVPN + iptables

Best Answer

Related Topic

Best Answer

Related Solutions

Linux – Setting up Windows network on Xen

Linux – Forward http traffic to another ip address with iptables

Related Topic