routing only http traffic to specific server

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

carilwang
OpenVpn Newbie
Posts: 2
Joined: Thu Sep 03, 2015 1:18 am

routing only http traffic to specific server

Post by carilwang » Thu Sep 03, 2015 1:24 am

I used these two rules, and it works.
iptables -t filter -A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.100 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

But I want to put more restrictions on it, so I changed it to
iptables -t filter -A FORWARD -p tcp -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.100 --dport 80 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

It stopped working at this point.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: routing only http traffic to specific server

Post by maikcat » Thu Sep 03, 2015 3:45 pm

While I don't know exactly what you are trying to do, keep in mind that:

iptables are read sequentially, first match is applied

if none of your rules match then the default is applied

So, without posting the complete ruleset used, no one knows why your rules fail.
Also, -A is for APPENDING a rule; keep in mind the sequential thing I said...


Michael.

carilwang
OpenVpn Newbie
Posts: 2
Joined: Thu Sep 03, 2015 1:18 am

Re: routing only http traffic to specific server

Post by carilwang » Thu Sep 03, 2015 8:28 pm

I don't think that should be related to my other rules, since the first two rules work, which means the packet is not getting blocked before hitting these rules. Also, what I changed is only adding more restriction to only allow TCP to remote port 80, which is what I am currently using. If it gets blocked, does that mean the traffic is not using TCP?
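
The first-match behaviour maikcat describes, applied to the two rulesets from the first post, as an added example that is not part of the thread: a small Python model of the FORWARD chain showing which packets each ruleset accepts and which fall through to the chain policy. The client address 10.8.0.6, the sample packets and the DROP policy are assumptions; the thread shows neither the policy nor the rest of the ruleset.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:                      # constructed sample packet, not captured traffic
    proto: str
    src: str
    dst: str
    dport: int = 0                 # 0 = no port (ICMP)
    state: str = "NEW"             # conntrack state
    iif: str = "tun0"
    oif: str = "eth0"

def matches(rule, pkt):
    """A criterion absent from the rule is a wildcard, as in iptables."""
    for key, want in rule.items():
        have = getattr(pkt, key, None)
        if key in ("src", "dst"):
            ok = ip_address(have) in ip_network(want)
        elif key == "state":
            ok = have in want
        else:
            ok = key == "target" or have == want
        if not ok:
            return False
    return True

def evaluate(chain, pkt, policy="DROP"):   # assumption: policy DROP, not shown in the thread
    """Return (verdict, rule number); rule number 0 means the chain policy decided."""
    for number, rule in enumerate(chain, 1):
        if matches(rule, pkt):             # first match wins, later rules are never read
            return rule["target"], number
    return policy, 0

# The two rules from the first post, then the restricted variant (-p tcp --dport 80).
FIRST = {"iif": "tun0", "oif": "eth0", "src": "10.8.0.0/24",
         "dst": "192.168.1.100", "state": {"NEW"}, "target": "ACCEPT"}
SECOND = {"state": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"}
ORIGINAL, RESTRICTED = [FIRST, SECOND], [dict(FIRST, proto="tcp", dport=80), SECOND]

SAMPLES = {                                # constructed; 10.8.0.6 is a hypothetical client
    "http syn": Packet("tcp", "10.8.0.6", "192.168.1.100", 80),
    "http reply": Packet("tcp", "192.168.1.100", "10.8.0.6", 40000, "ESTABLISHED", "eth0", "tun0"),
    "https syn": Packet("tcp", "10.8.0.6", "192.168.1.100", 443),
    "ping": Packet("icmp", "10.8.0.6", "192.168.1.100"),
    "dns query": Packet("udp", "10.8.0.6", "192.168.1.100", 53),
}

def compare(policy="DROP"):
    """Map sample name -> (verdict under ORIGINAL, verdict under RESTRICTED)."""
    return {name: (evaluate(ORIGINAL, p, policy), evaluate(RESTRICTED, p, policy))
            for name, p in SAMPLES.items()}
```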
