Jump to content

Recommended Posts

Posted (edited)

Подскажите как переписать вот это правило под SNAT ?

Скрипт расположен по адресу /opt/etc/ndm/netfilter.d/ovpnfiltr.sh

Скрытый текст

#!/bin/sh

[ "$table" != filter ] && exit 0
iptables -I FORWARD -i br0 -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

 

думал вот так будет работать

Скрытый текст

#!/bin/sh

[ "$table" != filter ] && exit 0
iptables -I FORWARD -i br0 -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -o br0 -j ACCEPT

ADDROUT = `ip addr list tun0 | grep "  inet " | head -n 1 | cut -d " " -f 6 | cut -d / -f 1`

iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -j SNAT --to-source $ADDROUT

 

 

 

 

Edited by druid
Posted

1 - а почему-бы не использовать готовый OpenVPN и средства прошивки?

2 - попробуйте делать не append, а insert в начало - замените "-A POSTROUTING" на "-I POSTROUTING".

Posted

Так я и использую OpenVPN, только клиенты за роутером интернет без этих правил не получают. А маскарадинг нагружает процессор сильнее чем SNAT, вот и хочу сэкономить мощности процессора))

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

This site uses cookies. By clicking "I accept" or continuing to browse the site, you authorize their use in accordance with the Privacy Policy.