Hello,
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- [b]IP.0/24[/b] anywhere
Is not correct.
You need to enter your OpenVPN IP pool. As said, for example: 10.1.1.0/24
And you have so many different iptables rules:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:IP.40
SNAT all -- IP/24 anywhere to:IP.40
SNAT all -- 10.8.0.0/24 anywhere to:127.0.0.1
SNAT all -- IP.0/24 anywhere to:127.0.0.1
SNAT all -- anywhere anywhere to:IP of VPN
SNAT all -- anywhere anywhere to:123.123.123.123
SNAT all -- anywhere anywhere to:IP.40
SNAT all -- 10.8.0.0/24 anywhere to:123.123.123.12
SNAT all -- 10.8.0.0/24 anywhere to:IP.40
SNAT all -- 10.8.0.0/24 anywhere to:IP.40
SNAT all -- anywhere anywhere to:IP.40
MASQUERADE all -- anywhere anywhere
Flush it first.
iptables -t nat --flush; iptables --flush
Please connect to your OpenVPN server, check which IP address you get from the server (10.x.x.x), and then add the correct rule.
If you get 10.8.0.1 then your rule would be:
iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j MASQUERADE
With /24 you add 10.8.0.0-255 to iptables. So don't add only the private IP which you get, add the whole subnet.
I found different rules via Google. It's a long time since I set up OpenVPN, so I don't remember the correct rule which worked for me. But one of these 3 *must* work for you:
iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j MASQUERADE
(Replace 10.8.0.0/24 with your OpenVPN subnet.)
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source $YOUR_SERVER_IP
(YOUR_SERVER_IP is, for example, 212.1.1.43. Don't use your OpenVPN private IP here. It's the server's public IP.)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $YOUR_SERVER_IP
(Replace 10.8.0.0/24 with your OpenVPN subnet. YOUR_SERVER_IP is, for example, 212.1.1.43. Don't use your OpenVPN private IP here. It's the server's public IP.)
If none of these work, then I can only recommend that you google "openvpn openvz iptables". There are many threads about this on the web and there are a lot of different iptables rules out there. But the 3 rules which I have listed should work for you.
If this also does not work on your server, then I could offer that you send me your OpenVPN connection files and your OpenVZ SSH login, and I fix it. But please try these rules first.
And when you add a new rule and it doesn't work, then flush the iptables before you try the next rule (again: iptables -t nat --flush; iptables --flush)!!
[Updated on: Tue, 19 November 2013 22:07]
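Added example, not part of the original post: a shell/awk check that reads an `iptables -t nat -L POSTROUTING` listing like the one quoted above and reports which rule actually applies to the VPN subnet, which rules rewrite to loopback, and which are dead because SNAT/MASQUERADE are terminating targets (first match wins). The function names, the sample listing and the address 203.0.113.40 are constructed for illustration.

```shell
#!/bin/sh
# audit_postrouting VPN_SUBNET < listing
# Input: plain `iptables -t nat -L POSTROUTING` output (with or without -n).
# Assumption: the listing was taken without -v, so interface matches such as
# "-o venet0" are not visible and a catch-all may be narrower than it looks.
audit_postrouting() {
    awk -v vpn="$1" '
    # Skip the "Chain ..." line, the column header and blank lines.
    $1 == "Chain" || $1 == "target" || NF < 5 { next }
    {
        n++
        nat = ($1 == "SNAT" || $1 == "MASQUERADE")
        any_src = ($4 == "anywhere" || $4 == "0.0.0.0/0")
        any_dst = ($5 == "anywhere" || $5 == "0.0.0.0/0")
        to = ""
        for (i = 6; i <= NF; i++) if ($i ~ /^to:/) to = substr($i, 4)
        desc = (to == "") ? $1 : ($1 " to:" to)

        # Rewriting the source to loopback means replies can never come back.
        if ($1 == "SNAT" && to ~ /^127\./)
            print "rule " n ": SNAT to loopback " to
        # Anything after an unconditional NAT rule is never reached.
        if (catchall)
            print "rule " n ": shadowed by catch-all rule " catchall
        else if (nat && any_src && any_dst)
            catchall = n
        # The first NAT rule whose source covers the VPN subnet is the one used.
        if (!eff && nat && (any_src || $4 == vpn)) { eff = n; effdesc = desc }
    }
    END {
        if (eff) print "effective for " vpn ": rule " eff " (" effdesc ")"
        else     print "no rule matches " vpn
    }'
}

# Constructed sample listing (not taken from the thread).
sample_listing() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.8.0.0/24          anywhere             to:127.0.0.1
SNAT       all  --  anywhere             anywhere             to:203.0.113.40
MASQUERADE all  --  10.8.0.0/24          anywhere
EOF
}

sample_listing | audit_postrouting 10.8.0.0/24
```

On a live server, pipe the real listing in instead: `iptables -t nat -L POSTROUTING | audit_postrouting 10.8.0.0/24`.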