Comment on How to make GRE tunnel iptables port redirect on Linux by admin.
Hi, why do you use MASQUERADE (it's nowadays obsolete)
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
I would suggest you remove these rules and use instead
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -d 192.168.5.0/24 -j SNAT --to-source 192.168.5.9
# iptables SNAT rules for OpenVPN addrs routing from 10.8.0.0 to access 192.168.5.0
/sbin/iptables -t nat -I POSTROUTING -s 192.168.5.0/24 -d 10.8.0.0/24 -j SNAT --to-source 10.8.0.1
# iptables SNAT rules to allow connected OpenVPN user to access Internet via 109.104.206.253
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j SNAT --to 108.104.205.254
Here I assume
192.168.5.0/24 (is your network of hosts 192.168.5.1-255 on interface eth1)
10.8.0.0 is the IP range assigned to VPN connected hosts
108.104.205.254 is your external (internet) IP address configured on eth0
Hope this helps.
The rest of your rules seem ok.
If problems persist try to temporarily comment out
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Best Georgi
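As an added example (not code from Georgi's comment or from the original post), the three SNAT rules recommended above collected in a small POSIX shell script: it prints them as a reviewable list and, with its own hypothetical --apply flag, inserts each one only when iptables -C reports it absent, so re-running the script from a boot hook does not stack duplicate rules. The addresses are the comment's stated assumptions; IPT is a hypothetical override used to point the check and insert at a stand-in command where iptables is not available.

```shell
#!/bin/sh
# Added example, not code from the original comment or post: the three SNAT rules
# from the comment as a reviewable list, applied idempotently with iptables -C / -I.
# The addresses below are the comment's stated assumptions about the setup.
VPN_NET="10.8.0.0/24"      # addresses handed out to OpenVPN clients
LAN_NET="192.168.5.0/24"   # hosts behind eth1
LAN_SRC="192.168.5.9"      # source address used towards the LAN (value from the comment)
VPN_SRC="10.8.0.1"         # source address used towards the VPN clients
WAN_IF="eth0"
WAN_IP="108.104.205.254"   # external address on eth0

# One rule per line; each line is what follows "iptables -t nat" on the command line.
snat_rules() {
    printf '%s\n' \
        "POSTROUTING -s $VPN_NET -d $LAN_NET -j SNAT --to-source $LAN_SRC" \
        "POSTROUTING -s $LAN_NET -d $VPN_NET -j SNAT --to-source $VPN_SRC" \
        "POSTROUTING -o $WAN_IF -s $VPN_NET -j SNAT --to-source $WAN_IP"
}

rule_count() {
    snat_rules | wc -l | tr -d ' '
}

# Insert a rule only when an identical one is not already present, so the script can
# be re-run (e.g. from a boot script) without stacking duplicates. IPT is a hypothetical
# override for pointing the check/insert at a stand-in command or wrapper where iptables
# is not available; unquoted $rule is deliberate, it is an argument list.
apply_rule() {
    rule="$1"
    # shellcheck disable=SC2086
    if ${IPT:-iptables} -t nat -C $rule 2>/dev/null; then
        echo "present: $rule"
    else
        # shellcheck disable=SC2086
        ${IPT:-iptables} -t nat -I $rule
    fi
}

# "--apply" is this script's own flag: without it only the rule list is printed.
if [ "${1:-}" = "--apply" ]; then
    snat_rules | while IFS= read -r r; do apply_rule "$r"; done
else
    snat_rules
fi
```

Unlike MASQUERADE, which picks the outgoing interface's current primary address for every new connection, each SNAT rule here names the source address explicitly, which is why the list is worth reviewing before it is applied.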
admin Also Commented
How to make GRE tunnel iptables port redirect on Linux
yes probably in the hurry will fix that thx 🙂
Glad it helped
Recent Comments by admin
Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
Hi Stan,
I guess you cannot read the writings on the icon as it is in Cyrillic.
This is not Saint Mary and Saint Peter but Adam and Eve, written in Cyrillic on top of the icon.
Actually in Orthodoxy it is a requirement for the depicted personalities, especially saints, to have
the name of the saint written on and to have the Halo. If you look closely at the picture you will notice
the two, Adam and Eve, are missing a Halo. The only person with a Halo in the icon is Saint John the Baptist.
Best Regards
Georgi
Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
--rwo, --report-warnings-only
This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may
be used to force other items of information to be displayed.
--sk, --skip-keypress
When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key
in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed.
Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
As rkhunter check can be pretty annoying and ask you to press keys multiple times and spit out a lot of unnecessary data, very good useful option arguments are:
--rwo and --sk
# rkhunter -c --rwo --sk
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
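As an added example (not rkhunter's code and not part of the comment), the comparison behind the warning above reproduced as a plain shell check, so a PermitRootLogin / ALLOW_SSH_ROOT_USER mismatch can be caught by an ordinary config audit before rkhunter runs from cron with --rwo. It assumes rkhunter.conf is simple KEY=VALUE text with # comments, reads sshd_config the way sshd does (first value of a keyword wins, Match blocks ignored), and builds its own constructed sample files rather than reading real ones.

```shell
#!/bin/sh
# Added example, not code from rkhunter or from the original comment: reproduce the
# comparison behind the warning above, so a PermitRootLogin / ALLOW_SSH_ROOT_USER
# mismatch is caught by an ordinary check before rkhunter runs from cron.

# Effective PermitRootLogin from sshd_config. sshd uses the FIRST value it reads for a
# keyword, so later lines are ignored; comment lines never match on $1; parsing stops at
# the first Match block (per-user overrides are out of scope here). "unset" if absent.
ssh_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" && val == "" { val = tolower($2) }
         END { print (val == "" ? "unset" : val) }' "$1"
}

# Effective ALLOW_SSH_ROOT_USER from rkhunter.conf. Assumption for this example: the
# file is KEY=VALUE, last assignment wins, "#" lines are comments. "unset" if absent.
rkh_allow_root() {
    awk -F= '$1 == "ALLOW_SSH_ROOT_USER" { v = $2; gsub(/[ \t"]/, "", v); val = tolower(v) }
             END { print (val == "" ? "unset" : val) }' "$1"
}

# Compare both settings; prints a one-line verdict, exit status 0 when they agree, 1 otherwise.
check_consistent() {
    s=$(ssh_root_login "$1")
    r=$(rkh_allow_root "$2")
    if [ "$s" = "$r" ]; then
        echo "OK: PermitRootLogin=$s ALLOW_SSH_ROOT_USER=$r"
        return 0
    fi
    echo "MISMATCH: PermitRootLogin=$s ALLOW_SSH_ROOT_USER=$r"
    return 1
}

# Constructed sample configs (not copied from any real server), written under "$1".
# They reproduce the warning from the comment: sshd says yes, rkhunter expects no.
write_samples() {
    cat > "$1/sshd_config" <<'EOF'
#PermitRootLogin no
Port 22
PermitRootLogin yes
   PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
    cat > "$1/rkhunter.conf" <<'EOF'
# ALLOW_SSH_ROOT_USER=yes
ALLOW_SSH_ROOT_USER=no
EOF
}

# Stand-alone run against the samples (they are built to mismatch, so the status is 1).
tmp=$(mktemp -d)
write_samples "$tmp"
check_consistent "$tmp/sshd_config" "$tmp/rkhunter.conf" || true
rm -rf "$tmp"
```

Point the two functions at /etc/ssh/sshd_config and /etc/rkhunter.conf to run it for real; whichever side is wrong for the host is then changed in that file, and the rkhunter warning disappears because the two values agree.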
Sorry for the really late reply.
Perhaps you have to create it or rename ifcfg-eno1 to ifcfg-eth1, or you have some old ifcfg-enp1s0f0 or ifcfg-eno still under /etc/sysconfig/network-scripts/ interfering.
How to RPM update Hypervisors and Virtual Machines running Haproxy High Availability cluster on KVM, Virtuozzo without a downtime on RHEL / CentOS Linux
If you happen to be missing the versionlock plugin and you need to make use of the
yum versionlock capabilities
you will have to install the yum-utils package:
For example on CentOS 8 Linux, to enable the yum versionlock plugin
yum install yum-utils.noarch