John Kreno on 26 Sep 2014 20:56:35 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OpenVPN Question

If you are trying to host services on the WAN, you can try doing source routing, but that will keep that host effectively going over the WAN for all connections. Maybe there's a way to catch only certain ports and or related traffic. I'm almost certain that IPtables isn't going to do this automatically. Even it has to rely on the ip routing table.

On Fri, Sep 26, 2014 at 10:49 PM, Rich Freeman <> wrote:
I have a routing question and I'm not quite sure how linux will handle
this situation.

I have a router with interfaces for the lan, wan, and I'd like to set
up a vpn as well.

I'd like to forward some wan ports to lan ports, which normally is
trivial to do.

I'd like to NAT lan traffic to the vpn, NOT the wan.  On its own I'd
think that would be pretty simple to do as well.

What I'm not sure is what will happen if I combine the two.  How can I
configure the router to NAT outgoing connections over the VPN, but
have replies to connections coming in over the wan go out over the wan
(so that is NATed as well)?  I don't want a host to try to connect via
the wan interface and have the replies go out over the VPN where
they're going to end up having the wrong IP.

Is linux iptables/etc just going to do the right thing here automatically?

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --

John Kreno

"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety." - Ben Franklin
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --