태그 보관물: iptables

iptables

openvpn tun에서 인터넷 사용-Azure Linux -t nat -L Chain PREROUTING (policy

나는이 작업을 수행하려고 OpenVPN TUNAzure Linux예 :

-=Android Client=- --> -=VPS=- --> -=Internet=-

클라이언트는 연결하지만 인터넷에 액세스 할 수 없습니다.

iptables 명령

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 191.236.xxx.xxx

(Azure의 공개 가상 인터넷 IP)

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 100.75.xxx.xxx

( eth0로부터 의 IP- ifconfig내부 Azure IP)

IP 테이블 출력

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:100.75.xxx.xxx

전송

# cat /etc/sysctl.conf | grep forw
net.ipv4.ip_forward=1

server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Syslog

Nov  2 17:19:58 azu-1 ovpn-server[1711]: 109.242.144.133:11810 [azu1-mx4] Peer Connection Initiated with [AF_INET]109.242.144.133:11810
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI: Learn: 10.8.0.6 -> azu1-mx4/109.242.144.133:11810
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI: primary virtual IP for azu1-mx4/109.242.144.133:11810: 10.8.0.6
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 PUSH: Received control message: 'PUSH_REQUEST'
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 send_push_reply(): safe_cap=940
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 SENT CONTROL [azu1-mx4]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

내가 무엇을 잘못하고 있지?



답변

글쎄, 그것은 운이 좋았습니다-빠른 해결책을 찾았습니다 🙂

누군가에게 이익이되는 경우 게시-이것이 나를 위해 일한 것입니다.

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE


답변