Iptables setup on VPN client having LAN [closed]

I am struggling with a problem, probably because there is simply not enough information on the web regarding the specifics I am trying to set up.

I have bought an OpenVPN service via tun (routing). I connect to the OpenVPN server through a Raspberry Pi (serving as my router), which has two interfaces – eth0 for handling the Internet connection and wlan0 for my internal LAN.

My goal is to set up the firewall in such a way that I can filter incoming traffic on the tun interface and still reach the web from the LAN behind wlan0. Also – everything should go via the VPN.

From the architectural point of view I think it should look like this:

  • INPUT, FORWARD – dropped,
  • OUTPUT – allowed,
  • eth0 allows only packets on the default OpenVPN service port to flow,
  • the tun adapter should have all INPUT-related policies applied and should be NATed.

What do you think – is this correct thinking? So far I have managed to ping the web from the SSH-ed Raspberry Pi, but no DNS yet – do I understand correctly that I should run my own DNS forwarder? The DHCP server is set up on the Raspberry Pi.

Thanks!

Answer

I have already solved the issue. For those who are interested – incoming packets from the LAN are processed by the OpenVPN client (tun/tap), then passed over the internet-facing interface. So it was a matter of setting correct forwarding between the interfaces. /etc/resolv.conf just had to be overwritten with global (e.g. Google) DNS servers to solve the ping-related problem.

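An iptables policy implementing the layout from the question and the forwarding described in the answer (LAN → tun → NAT, nothing from the LAN leaves via eth0 directly), as an added example rather than the poster's own script. The interface names, the LAN subnet 192.168.10.0/24 and the OpenVPN port 1194/udp are assumptions; `gen_rules` prints the commands so the policy can be reviewed and checked without root before `apply_rules` executes it.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, the LAN
# subnet and the OpenVPN port/protocol below are assumptions for this Pi.
WAN_IF="${WAN_IF:-eth0}"               # Internet-facing interface
LAN_IF="${LAN_IF:-wlan0}"              # internal LAN
VPN_IF="${VPN_IF:-tun0}"               # OpenVPN tunnel
LAN_NET="${LAN_NET:-192.168.10.0/24}"  # assumed LAN subnet served by the Pi
VPN_PORT="${VPN_PORT:-1194}"           # assumed OpenVPN server port
VPN_PROTO="${VPN_PROTO:-udp}"

# gen_rules prints the commands instead of running them.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the Pi's own DHCP, DNS forwarder and SSH
iptables -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# kill switch: the Pi talks to the WAN only on the VPN port (add DHCP/DNS
# here if $WAN_IF needs them to bring the tunnel up)
iptables -A OUTPUT -o $WAN_IF -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -j DROP
# LAN traffic is forwarded into the tunnel only, never straight out $WAN_IF
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT the LAN behind the tunnel address
iptables -t nat -A POSTROUTING -o $VPN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# apply_rules runs the generated commands; needs root.
apply_rules() { gen_rules | sh -e; }

# check_rules returns 0 when the policy has no LAN-to-WAN forwarding path
# and NAT is bound to the tunnel only (i.e. no VPN bypass is possible).
check_rules() {
    rules=$(gen_rules)
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i $LAN_IF -o $WAN_IF" && return 1
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i $WAN_IF" && return 1
    printf '%s\n' "$rules" | grep -- MASQUERADE | grep -vq -- "-o $VPN_IF" && return 1
    printf '%s\n' "$rules" | grep -q -- "-t nat -A POSTROUTING -o $VPN_IF" || return 1
    return 0
}
```

Run `check_rules` after any change to the variables; `apply_rules` as root then installs the policy, and iptables-save should be used to persist it across reboots.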