Give specific client access only to shares on OVPN server itself?

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
BobAGI
OpenVPN Power User
Posts: 167
Joined: Mon May 05, 2014 10:17 pm

Give specific client access only to shares on OVPN server itself?

Post by BobAGI » Tue Nov 14, 2023 9:20 am

I am running an OpenVPN server on an Ubuntu 20.04 LTS server on my home LAN.
It is used for a number of clients with varying needs:
- To reach my local LAN resources only
- To reach the Internet from my home gateway without access to the server side LAN
- To in effect be part of the local LAN, i.e. reach all resources there and use the gateway to the Internet
- Special case: to connect the two LANs at home and at my summer cottage together so all local hosts in both places can reach each other.

For this I have set up 3 services with different rules and it works just fine.
For the joined LANs I also have specific router routing rules. Also works just fine.

New configuration
Now I would like to know if/how I can configure it such that a specific new client can only reach the NFS share on the VPN server itself, i.e. it should not be able to reach the local LAN or use the gateway to the Internet. Just get access to the NFS share on the server itself.

The client will be a Raspberry Pi media center running Kodi, and it is supposed to be able to display the videos available on the NFS share only.

I have enabled ccd, so if it is possible to enter a specific set of commands for this client only, then I guess it could use the local LAN channel, provided it can be blocked from reaching other hosts on that LAN outside of the VPN server itself.

What should this configuration/ccd rule look like?

I have a similar situation for a consultant at work where we did the following in IPTABLES:

*filter
:INPUT ACCEPT [5757243:769154969]
:FORWARD ACCEPT [371183:80146904]
:OUTPUT ACCEPT [3906404:285072384]
-A FORWARD -s 10.8.121.128/25 ! -d 10.0.0.10/32 -j DROP
-A FORWARD -s 10.8.131.128/25 ! -d 10.0.0.10/32 -j DROP

Here 10.8.131.128 is the assigned IP address for this particular client on connect, and the server 10.0.0.10 is the only resource he is allowed to reach (basically for Subversion access).
Is using iptables also the way to go for the above case (not the same addresses, of course)?
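A worked configuration for the question above, added here as an example; it is not code from the post, nor OpenVPN's own documentation. It assumes `topology subnet` on a `tun0` server at 10.8.0.1/24, a client pinned to 10.8.0.250 through its ccd file (named after the client certificate's CN), and NFSv4 over TCP 2049 (NFSv3 would additionally need rpcbind on 111 and a pinned mountd port); all addresses, the interface name and the chain name VPN_NFS_ONLY are constructed. The point it illustrates: packets addressed to the server's own tun address go through INPUT, not FORWARD, so a FORWARD-only rule like the work setup would cut the client off from the LAN and the Internet but would not narrow it to NFS on the server; one dedicated chain hooked into both INPUT and FORWARD does both.

```shell
#!/bin/sh
# Added example, not from the forum post. All addresses, the interface name
# and the chain name are constructed assumptions; adjust to the real server.
SERVER_TUN_IP=${SERVER_TUN_IP:-10.8.0.1}     # server's address on tun0
CLIENT_TUN_IP=${CLIENT_TUN_IP:-10.8.0.250}   # address pinned for the Kodi client
TUN_IF=${TUN_IF:-tun0}
CHAIN=VPN_NFS_ONLY

# Content of /etc/openvpn/ccd/<client CN>: pin the tunnel address so the
# firewall can match this client by source address (assumes topology subnet).
ccd_entry() {
    printf 'ifconfig-push %s 255.255.255.0\n' "$CLIENT_TUN_IP"
}

# Emit the iptables commands. Traffic to the server's own tun address traverses
# INPUT; traffic to anything else traverses FORWARD. The same chain is hooked
# into both, so the client reaches NFS on the server and nothing else.
# Inserting at position 1 keeps the restriction ahead of any broader ACCEPT
# rule for tun0 that the three existing services rely on.
restrict_rules() {
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -d $SERVER_TUN_IP -p tcp --dport 2049 -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I INPUT 1 -i $TUN_IF -s $CLIENT_TUN_IP -j $CHAIN
iptables -I FORWARD 1 -i $TUN_IF -s $CLIENT_TUN_IP -j $CHAIN
EOF
}

# Dry run by default; pass --apply to execute the rules (needs root).
if [ "${1:-}" = "--apply" ]; then
    restrict_rules | sh -e
else
    echo "# ccd entry for the client:"; ccd_entry
    echo "# firewall rules (dry run):"; restrict_rules
fi
```

Run it once without arguments to review the generated ccd line and rules, then with `--apply` on the server. `iptables -N` fails if the chain already exists, so flush and delete it (`iptables -F VPN_NFS_ONLY; iptables -X VPN_NFS_ONLY`, after removing the two jump rules) before re-applying, and persist the result with whatever the server already uses (e.g. iptables-persistent). The OpenVPN control channel itself is unaffected, since it arrives on the physical interface, not on tun0.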
