iptables NAT rule for OpenVPN access?

r.fluttaz

Guest
Hi,
I've set up an OpenVPN server on an OpenVZ VE, and I want to add an iptables NAT (masquerade) rule to its venet.

So I tried on the VM, but I got an error message saying that the nat module isn't loaded... So I want to know whether I can load this module in my VM (in the vz.conf?), and which module do I have to add to make this iptables rule work?

Code:
iptables -t nat -A POSTROUTING -s '10.8.0.0/24' -o venet0:0 -j MASQUERADE
or maybe
iptables -t nat -A POSTROUTING -s '10.8.0.0/24' -o IP_OF_MY_VM -j MASQUERADE

I've seen this page: http://pve.proxmox.com/wiki/Network_Model but it's for bridged interfaces...
And this page: http://wiki.openvz.org/Using_NAT_for_container_with_private_IPs is very confusing for Proxmox users...

So to sum up... how can I add the needed module? (And which module?)
And where do I configure iptables to make it work? On the host? On the VM?

I've attached my little howto on configuring my VPN on my server so you can see what I did...

Sorry for my English
 

Attachment: vpn.txt

Hi,

In /etc/vz/vz.conf
you can add:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
to give the container access to every iptables module that is available.
Remember to restart vz (/etc/init.d/vz restart)

You need to configure iptables in the container (VM) (assuming you are using public IPs and no firewall on the host)


Marius
 
OK, so all modules seem OK...

Then, I want to enable internet access through the VPN server.
So I need to forward all the traffic that comes in on the VPN so it goes out on venet0:0?
I've tried: iptables -t nat -A POSTROUTING -s '10.8.0.0/24' -o 91.121.45.39 -j MASQUERADE but it doesn't work...

Any ideas?
 
Hi,

I'm not very into iptables and NAT, but give it a try:

iptables --table nat --append POSTROUTING --out-interface xxx -j MASQUERADE

iptables --append FORWARD --in-interface xxx -j ACCEPT

Remember to change 'xxx' to the out and in interfaces.

echo 1 > /proc/sys/net/ipv4/ip_forward

Marius


(Remember to flush tables before)
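
Added example (not part of the thread and not written by either poster): iptables `-i`/`-o` match device names, so this sketch rejects an IP address in that position, reduces an alias label like venet0:0 to its device, and prints forwarding rules scoped to the VPN subnet instead of a whole interface. The function names and the tun0 VPN interface are assumptions; 10.8.0.0/24 and venet0:0 come from the posts above.

```shell
#!/bin/sh
# Added example: print (not apply) NAT and forwarding rules for a VPN subnet.
# Function names and the tun0 interface are assumptions, not from the thread.

# normalize_iface NAME: print the kernel device name, or return 1.
# iptables -i/-o match device names, so an IP address is rejected and an
# alias label such as venet0:0 is reduced to its device (venet0).
normalize_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;   # empty or unexpected characters
        *[!0-9.]*) ;;                         # has a non-digit, non-dot: a name
        *) return 1 ;;                        # digits and dots only: an IP
    esac
    printf '%s\n' "${1%%:*}"
}

# vpn_nat_rules SUBNET VPN_IF OUT_IF: print the commands, one per line.
vpn_nat_rules() {
    subnet=$1
    case "$subnet" in
        ''|*[!0-9./]*|*/*/*) echo "bad subnet: $subnet" >&2; return 2 ;;
        */*) ;;
        *) echo "subnet needs a /prefix: $subnet" >&2; return 2 ;;
    esac
    vpn_if=$(normalize_iface "$2") || { echo "bad VPN interface: $2" >&2; return 2; }
    out_if=$(normalize_iface "$3") || { echo "not an interface name: $3" >&2; return 2; }
    # Forwarding is limited to the VPN subnet and to replies for it,
    # rather than accepting everything that arrives on an interface.
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $subnet -o $out_if -j MASQUERADE
iptables -A FORWARD -i $vpn_if -o $out_if -s $subnet -j ACCEPT
iptables -A FORWARD -i $out_if -o $vpn_if -d $subnet -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Values from the thread (10.8.0.0/24, venet0:0); tun0 is assumed.
vpn_nat_rules 10.8.0.0/24 tun0 venet0:0
```

Review the printed commands before piping them to sh as root inside the container; the state match relies on the ipt_state and ip_conntrack modules listed in the IPTABLES line above.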
 