The only tricky part is that it has two IPs and I need the internet traffic of my openvpn clients to use the right one. This is why I created an iptables command. My question is where to put it so that it runs on every boot and that my rule is put at the top of the chain.
Here is the iptables command:
sudo iptables -t nat -I POSTROUTING 1 -s 172.27.224.0/20 -j SNAT --to-source <PUBLIC IP>
It works fine when I run it manually in the shell:
sudo iptables -t nat -L
[...]
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 172.27.224.0/20 anywhere to:<PUBLIC IP>
AS0_NAT_POST_REL_EST all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_NAT_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
The challenge is where to put the command.
I tried using a script in /etc/network/if-up.d/ to add the rule when the interface comes up. It doesn't work because OpenVPN AS adds its own rule after the script does, and my rule is relegated to the bottom of the chain and never executed.
I tried creating a systemd service that runs my command after openvpnas is running. It doesn't work because openvpn apparently still adds its own rule after I did, and my rule is still put at the bottom of the chain and never executed.
So my question is where should I put my iptables command?
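
The ordering problem described in the post can be detected and corrected from a script wherever it ends up being run. This is an added example, not part of the original post: the function names are hypothetical, and 203.0.113.10 is a documentation address standing in for `<PUBLIC IP>`.

```shell
#!/bin/sh
# Added example. Reads `iptables -t nat -S POSTROUTING` output on stdin and
# prints the 1-based position of the SNAT rule for the given source network
# and translated address, or 0 when the rule is not in the chain.
snat_rule_position() {
    awk -v src="$1" -v to="$2" '
        $1 == "-A" {
            n++                          # only -A lines are rules; -P is the policy
            s = ""; j = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                if ($i == "--to-source") t = $(i + 1)
            }
            if (!pos && s == src && j == "SNAT" && t == to) pos = n
        }
        END { print pos + 0 }'
}

# Put the rule back at position 1 if something inserted rules above it.
# Needs root; safe to call repeatedly because it never creates a duplicate.
ensure_snat_first() {
    net="$1"; pub="$2"
    pos=$(iptables -t nat -S POSTROUTING | snat_rule_position "$net" "$pub")
    if [ "$pos" -eq 1 ]; then
        return 0                         # already the first rule
    fi
    if [ "$pos" -gt 1 ]; then
        # Present but pushed down the chain: remove the stale copy first.
        iptables -t nat -D POSTROUTING -s "$net" -j SNAT --to-source "$pub"
    fi
    iptables -t nat -I POSTROUTING 1 -s "$net" -j SNAT --to-source "$pub"
}

# Usage (as root), with the placeholder address replaced by the real one:
#   ensure_snat_first 172.27.224.0/20 203.0.113.10
```

Calling `ensure_snat_first` again after other rules have been inserted moves the SNAT rule back to the top instead of leaving a second copy further down the chain.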