iptables - allow internet access and deny lan access
Posted: Sat Jan 21, 2017 10:48 pm
I have an OpenVPN server in a network with LAN devices.
I currently use the FORWARD option in iptables to authorize some LAN devices for VPN clients and deny others.
(FORWARD default is DROP).
I now want to provide internet access for VPN clients.
My problem is that I have to forward all traffic so it can reach the internet gateway.
Even if I forward only the necessary ports (50,80,443), VPN clients can reach web servers on the LAN.
I can't find a good setup to maintain these restrictions.
Can somebody point me in a direction for this?
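Added example, not part of the original post: a port-only FORWARD rule matches any destination, LAN web servers included, so the ruleset below orders the rules as per-host LAN exceptions, then a drop for the rest of the LAN subnet, then the port rule. The subnets, interface names and allowed hosts are constructed sample values, and the script only prints an `iptables-restore` ruleset without touching the live firewall.

```shell
#!/bin/sh
# Added example: prints a FORWARD ruleset in iptables-restore format.
# Every address and interface name here is a constructed sample value.
VPN_NET="10.8.0.0/24"                          # assumed OpenVPN client subnet
LAN_NET="192.168.1.0/24"                       # assumed LAN subnet
VPN_IF="tun0"                                  # assumed OpenVPN interface
LAN_IF="eth0"                                  # assumed interface facing LAN and gateway
ALLOWED_LAN_HOSTS="192.168.1.10 192.168.1.20"  # LAN devices VPN clients may reach
INET_PORTS="50,80,443"                         # port list as given in the post

gen_forward_rules() {
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Return traffic for connections that an earlier rule already accepted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 1. Explicit LAN exceptions are evaluated first.
    for host in $ALLOWED_LAN_HOSTS; do
        echo "-A FORWARD -i $VPN_IF -s $VPN_NET -d $host -j ACCEPT"
    done
    # 2. Anything else addressed to the LAN is dropped before the port rule,
    #    so ports 80/443 on LAN web servers are never matched by rule 3.
    echo "-A FORWARD -i $VPN_IF -s $VPN_NET -d $LAN_NET -j DROP"
    # 3. Only non-LAN destinations get this far: allow the listed ports
    #    out towards the gateway (NAT or a return route is assumed to exist).
    echo "-A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -p tcp -m multiport --dports $INET_PORTS -j ACCEPT"
    echo "COMMIT"
}

# Prints the 1-based line number of the first emitted line matching a pattern;
# used to check rule ordering.
rule_pos() {
    gen_forward_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

gen_forward_rules
```

The output can be checked with `iptables-restore --test` before loading; loading it without `--noflush` replaces the existing contents of the filter table.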