What's the right place to put my custom iptables commands?

Business solution to host your own OpenVPN server with web management interface and bundled clients.

Post by tburette » Mon Feb 27, 2017 5:37 am

I installed OpenVPN AS on a new Debian (Jessie) server. There literally is nothing else on it.
The only tricky part is that it has two IPs and I need the internet traffic of my OpenVPN clients to use the right one. This is why I created an iptables command. My question is where to put it so that it runs on every boot and that my rule is put at the top of the chain.


Here is the iptables command:

Code:

sudo iptables -t nat -I POSTROUTING 1 -s 172.27.224.0/20 -j SNAT --to-source <PUBLIC IP>

Note the -I .. 1 to make sure my rule is at the top.

It works fine when I run it manually in the shell:

Code:

sudo iptables -t nat -L

[...]

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.27.224.0/20      anywhere             to:<PUBLIC IP>
AS0_NAT_POST_REL_EST  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
AS0_NAT_PRE  all  --  anywhere             anywhere             mark match 0x2000000/0x2000000

Note that it needs to be at the top, otherwise the rules added by OpenVPN AS (AS0_NAT_POST_REL_EST and AS0_NAT_PRE) are used and the traffic doesn't use the right IP.


The challenge is where to put the command.

I tried using a script in /etc/network/if-up.d/ to add the rule when the interface comes up. It doesn't work because OpenVPN AS adds its own rule after the script does and my rule is relegated to the bottom of the chain and never executed.

I tried creating a systemd service that runs my command after openvpnas is running. It doesn't work because OpenVPN apparently still adds its own rule after I did and my rule is still put at the bottom of the chain and never executed.


So my question is where should I put my iptables command?


Post by tburette » Mon Feb 27, 2017 7:03 pm

I ended up putting a sleep 30 in my script to make sure everything is set up right :/.
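
An alternative to the fixed sleep, as an added example that is not part of the original posts: wait until the AS0_ jump rules shown in the listing above appear in POSTROUTING, then re-assert the SNAT rule at position 1 idempotently. Assumptions: 203.0.113.10 stands in for <PUBLIC IP>, the function names are hypothetical, and the appearance of the AS0_ rules is taken as the sign that Access Server has finished its setup.

```bash
#!/bin/bash
# Added example: keep the SNAT rule at position 1 of nat/POSTROUTING.
SRC_NET="172.27.224.0/20"
PUBLIC_IP="203.0.113.10"   # placeholder for <PUBLIC IP> (assumption)

# Read `iptables -t nat -S POSTROUTING` output on stdin and print the 1-based
# position of our SNAT rule among the -A lines (0 if it is absent).
snat_position() {
    awk -v net="$SRC_NET" -v ip="$PUBLIC_IP" '
        $1 == "-A" {
            n++
            if (!pos && index($0, "-s " net " ") &&
                index($0 " ", "-j SNAT --to-source " ip " "))
                pos = n
        }
        END { print pos + 0 }'
}

# Print "yes" if the listing on stdin contains a jump to an AS0_ chain.
as_rules_present() {
    if grep -q -- '-j AS0_'; then echo yes; else echo no; fi
}

# Re-assert the rule at the top; safe to run repeatedly (needs root).
ensure_first() {
    pos=$(iptables -t nat -S POSTROUTING | snat_position)
    [ "$pos" -eq 1 ] && return 0
    # Remove every stale copy lower in the chain, then insert at position 1.
    while iptables -t nat -C POSTROUTING -s "$SRC_NET" -j SNAT \
            --to-source "$PUBLIC_IP" 2>/dev/null; do
        iptables -t nat -D POSTROUTING -s "$SRC_NET" -j SNAT --to-source "$PUBLIC_IP"
    done
    iptables -t nat -I POSTROUTING 1 -s "$SRC_NET" -j SNAT --to-source "$PUBLIC_IP"
}

# `script apply`: wait up to 60 s for the AS0_ rules, then fix the ordering.
if [ "${1:-}" = "apply" ]; then
    for i in $(seq 1 60); do
        [ "$(iptables -t nat -S POSTROUTING | as_rules_present)" = yes ] && break
        sleep 1
    done
    ensure_first
fi
```

Because `ensure_first` changes nothing when the rule is already first, the script can also be run again later (for example from a timer) in case rules are inserted above it after the first pass.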
