NAT'ing from OpenVPN

Digininja
2012-10-15
2013-03-05
  • Digininja
    2012-10-15

    Short version of the question: how do I set up this rule using fwbuilder?

    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 123.12.23.43

    Where 123.12.23.43 is the IP of eth1.

    Longer version.

    I've got OpenVPN set up on my server and am connecting to it from my phone over OpenVPN. If I clear all the existing firewall rules on the server and add the rule above, traffic flows fine and I can browse through the VPN, but if I leave the existing rules in place and add the new one manually, it doesn't work.

    I've tried adding a new entry in the NAT section with an Original Src as my VPN network (as set up in the Networks section under Objects) and the Translated Src as either eth1 or the IP associated with eth1, but that didn't work. I also tried setting things up in Routing, but that didn't work either.

    I looked at this page

    http://www.fwbuilder.org/4.0/docs/users_guide/source-address-translation.html

    Which looks similar to what I need but setting it up like that doesn't work.

    I got this rule from a howto on setting up NAT'ing, so if there is a better way to do it then I'm not tied just to this rule; I just know that it works when used on its own.

    When I run the rules I get a message saying that fwbuilder can't manage addresses of point-to-point interfaces; could that be the problem?