On 12/3/18 5:55 AM, Andrew Udvare wrote:
>
> iptables on server:
> -A FORWARD -s 10.100.0.0/24 -i tun0 -o enp1s0f0 -m conntrack --ctstate NEW -j ACCEPT
>

Is that only forwarding packets for new (i.e. not existing) connections?

Ours looks like,

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $INSIDE_NET -j ACCEPT
iptables -A FORWARD -i $VPN_INTERFACE -j ACCEPT

(and you need to enable the net.ipv4.ip_forward sysctl)
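
Added example, not part of the original message: a shell check that reads `iptables -S FORWARD` output and reports whether any ACCEPT rule covers ESTABLISHED traffic, plus a test for the ip_forward sysctl. The function names, the sample rule listings and the DROP chain policy in them are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: the quoted server rule on its own, with an assumed DROP policy.
SAMPLE_NEW_ONLY='-P FORWARD DROP
-A FORWARD -s 10.100.0.0/24 -i tun0 -o enp1s0f0 -m conntrack --ctstate NEW -j ACCEPT'

# Constructed sample: the same chain with a return-traffic rule in front.
SAMPLE_STATEFUL='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.100.0.0/24 -i tun0 -o enp1s0f0 -m conntrack --ctstate NEW -j ACCEPT'

# audit_forward: reads `iptables -S FORWARD` text on stdin, prints one verdict:
#   ok                - an ACCEPT rule matches ESTABLISHED, so existing flows pass
#   policy-open       - chain policy is ACCEPT, unmatched packets are forwarded anyway
#   new-only          - stateful ACCEPT rules match NEW only and the policy is not ACCEPT
#   no-stateful-rules - no ACCEPT rule uses a conntrack/state match
audit_forward() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            state = ""
            for (i = 3; i < NF; i++)
                if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
            if (state == "") next            # stateless rule, not judged here
            if (state ~ /ESTABLISHED/) est = 1
            else if (state ~ /NEW/) newonly = 1
        }
        END {
            if (est) print "ok"
            else if (policy == "ACCEPT") print "policy-open"
            else if (newonly) print "new-only"
            else print "no-stateful-rules"
        }'
}

# ip_forward_enabled [file]: succeeds when the sysctl file holds 1.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Run against the constructed samples; on a live host: iptables -S FORWARD | audit_forward
printf '%s\n' "$SAMPLE_NEW_ONLY" | audit_forward
printf '%s\n' "$SAMPLE_STATEFUL" | audit_forward
```

A "new-only" verdict means packets belonging to already-tracked connections fall through to the chain policy, which is the situation the question above is asking about.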