Forum
Firetable for a gateway with tun0 (forward and snat rules)
Heiko
29 April 2015, 15:42
Hello Hugo,
I like using Firetable. I use it on some Servers.
Now I want to configure a gateway with tun0 for at home.
But I'm not sure, how to build up this forward rules elegant in Firetable:
iptables -A FORWARD -o tun0 -i eth0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
What would be the correct syntax in Firetable? I'm not sure to understand the snat and forward syntax in firetable correctly
Could you give me an example?
Thank you very much and many thanks for all what you do for open source
Operating System: Debian Testing
I like using Firetable. I use it on some Servers.
Now I want to configure a gateway with tun0 for at home.
But I'm not sure, how to build up this forward rules elegant in Firetable:
iptables -A FORWARD -o tun0 -i eth0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
What would be the correct syntax in Firetable? I'm not sure to understand the snat and forward syntax in firetable correctly
Could you give me an example?
Thank you very much and many thanks for all what you do for open source
Operating System: Debian Testing
Hugo Leisink
30 April 2015, 00:25
Masquerading is not supported by Firetable. Masquerading is for connections with a short life span, like dial-up connections. Do you really need that?
Heiko
30 April 2015, 00:54
It is for a tun (vpn) with dynamic allocated IP's. So it is like a dial-up connection. Correct?
Hugo Leisink
30 April 2015, 09:48
Yes. But you can still try if the snat/forward option also work.
Heiko
30 April 2015, 11:03
Thank you Hugo 
this is working for me:
# Forward
#
forward ip from 192.168.2.0/24
snat ip from 192.168.2.0/24
And in firetable.conf
enable_nat = yes
Firetable is pretty cool and easy for use
this is working for me:
# Forward
#
forward ip from 192.168.2.0/24
snat ip from 192.168.2.0/24
And in firetable.conf
enable_nat = yes
Firetable is pretty cool and easy for use
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
