PaulDotCom mailing list archives

Re: how to setup an SNAT rule in Firewall Builder


From: Robin Wood <robin () digininja org>
Date: Mon, 22 Oct 2012 15:26:08 +0100

On 22 October 2012 06:06, Michael D. Wood <mike () itsecuritypros org> wrote:
Curious as to what the outcome of this was, Robin?

I started writing this mail to say it was still broken but then had an
idea and now it is working.

I added logging to the final deny all rules on the rules and it was
that that was killing the traffic. After some experimenting I found I
had to add a new rule to allow the OpenVPN network to talk to the
world. I had the one that the instructions I followed said would work
but it didn't so I had to tweak it a little.

Robin


On Oct 16, 2012, at 11:38 AM, Robin Wood wrote:

On 16 October 2012 03:10, Michael D. Wood <mike () itsecuritypros org> wrote:

Robin,

From the research I've done, it almost looks like it could be the order
in the way the rules are being processed.  You had mentioned everything
works fine when you wipe the rules out and add the one manually, is there
another rule that you have in place possibly causing it not to work, or
getting processed first?  Just an idea...

http://www.faqs.org/docs/iptables/traversingoftables.html


It could be, plus this has just given me the idea to extract the rule
that fwbuilder is creating for this and then clearing the rules and
running just that on its own. If that works then it is the ordering or
something else that is being set, if that fails then it is the rule
that is at fault.

Robin


On Oct 15, 2012, at 4:14 AM, Robin Wood wrote:

Short version of the question, how do I set up this rule using Firewall
Builder?

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 123.12.23.43

Longer version.

I've got OpenVPN setup on my server and connecting to it from my
phone. If I clear all the existing firewall rules on the server and
add the rule above routing works fine and I can browse through the
VPN but if I leave the existing rules in place and add the new one
manually it doesn't work. As the rest of the rules are built using
Firewall Builder I need to know how to add that rule so it fits in
with the rest and comes up by default.

I've tried adding a new entry in the NAT section with an Original Src
as my VPN network (as set up in the Networks section under Objects)
and the Translated Src as either eth1 or the IP associated with eth1
but that didn't work. I also tried setting things up in Routing but
that didn't work either.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
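Added example (not code from this thread, and not output from Firewall Builder): a complete iptables-restore ruleset that does what the thread ends up needing, the POSTROUTING SNAT rule from the first mail plus a FORWARD rule that lets the VPN subnet out through eth1 above the logged deny-all, with a check that the accept really does sit above the drop. eth1 and 123.12.23.43 come from the original rule; the VPN subnet 10.8.0.0/24, the tun0 interface and OpenVPN on UDP 1194 are assumptions (OpenVPN's defaults) and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not the thread's or Firewall Builder's own output: an
# iptables-restore ruleset for an OpenVPN server that source-NATs VPN
# clients out of eth1, plus the FORWARD accept the thread found missing.
# Assumptions (not stated in the thread): VPN subnet 10.8.0.0/24 on tun0,
# OpenVPN listening on UDP 1194. eth1 and 123.12.23.43 are from the thread.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth1}"
WAN_IP="${WAN_IP:-123.12.23.43}"

# Print the ruleset in iptables-save format. Rules are listed in the order
# the kernel evaluates them: the first terminating match wins, so the VPN
# ACCEPT in FORWARD has to sit above the logged deny-all at the bottom.
ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The thread's SNAT rule, restricted with -s so only VPN clients get rewritten
-A POSTROUTING -s $VPN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Let clients reach the OpenVPN daemon itself
-A INPUT -i $WAN_IF -p udp --dport 1194 -j ACCEPT
# Replies to connections already forwarded
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The rule the deny-all was hiding: VPN subnet -> world via $WAN_IF
-A FORWARD -i $VPN_IF -o $WAN_IF -s $VPN_NET -j ACCEPT
# Log what the final deny-all drops (the debugging step from the thread)
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DENY: "
-A FORWARD -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DENY: "
-A INPUT -j DROP
COMMIT
EOF
}

# Sanity check before loading anything: the VPN ACCEPT in FORWARD must come
# before the FORWARD DROP, otherwise the deny-all eats the traffic exactly
# as described in the thread. Exit status 0 means the ordering is right.
check_order() {
  ruleset | awk -v net="$VPN_NET" '
    /^-A FORWARD / && index($0, net) && /-j ACCEPT$/ { accept = NR }
    /^-A FORWARD -j DROP$/ { drop = NR }
    END { exit !(accept && drop && accept < drop) }'
}

# Load the ruleset (needs root). Forwarding must be enabled or the FORWARD
# chain is never consulted at all.
apply() {
  check_order || { echo "refusing: VPN ACCEPT is below FORWARD DROP" >&2; return 1; }
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  ruleset | iptables-restore
}

case "${1:-}" in
  apply) apply ;;
  check) check_order && echo "ordering ok" ;;
  *)     ruleset ;;
esac
```

Run with no arguments to print the ruleset, `check` to verify the ordering, and `apply` as root to load it. The same ordering requirement applies to a Firewall Builder policy: the rule that accepts the VPN network's traffic has to be placed above the catch-all deny, which is why the manually added NAT rule alone was not enough in the thread.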