iptables - allow internet access and deny lan access

Post by gilles » Sat Jan 21, 2017 10:48 pm

I have an OpenVPN server in a network with LAN devices.
I currently use the FORWARD chain in iptables to authorize some LAN devices for VPN clients and deny others.
(FORWARD default is DROP.)
I now want to provide internet access for VPN clients.
My problem is that I have to forward all traffic so it can reach the internet gateway.
Even if I forward only the necessary ports (50,80,443), VPN clients can reach web servers on the LAN.
I can't find a good setup to maintain these restrictions.
Can somebody point me in a direction for this?
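
Added example, not part of the original post: a FORWARD ordering that keeps the per-host LAN allow list while letting web traffic out, relying on the fact that iptables matches the packet's destination address, not the next-hop gateway. The interface name, both subnets and the allowed host are assumed placeholders, and the script only prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Every address and interface name below is an assumption.
VPN_IF="tun0"               # assumed OpenVPN tunnel interface
VPN_NET="10.8.0.0/24"       # assumed VPN client subnet
LAN_NET="192.168.1.0/24"    # assumed LAN behind the OpenVPN server
LAN_ALLOWED="192.168.1.10"  # assumed LAN host(s) VPN clients may reach
WEB_PORTS="80,443"          # web ports named in the post

# Dry run by default: print each rule. Run as root with APPLY=1 to install.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_forward_rules() {
    ipt -P FORWARD DROP
    # Return traffic for connections an earlier rule already accepted.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 1. Explicitly authorised LAN hosts, any port.
    for host in $LAN_ALLOWED; do
        ipt -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$host" -j ACCEPT
    done

    # 2. Anything else addressed to the LAN is dropped BEFORE the port rule,
    #    so LAN web servers never reach rule 3.
    ipt -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$LAN_NET" -j DROP

    # 3. Whatever is left has a non-LAN destination. It is still routed via
    #    the LAN gateway, but its destination IP is the internet host, so
    #    rule 2 does not match it.
    ipt -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -p tcp \
        -m multiport --dports "$WEB_PORTS" -j ACCEPT
    # DNS needs its own rule (or an allowed LAN resolver in LAN_ALLOWED).
}

build_forward_rules
```

Rules are evaluated first match wins, so swapping steps 2 and 3 reproduces the behaviour described in the post.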
