I am following this tutorial[1] to set up OpenVPN. It suggests running
both of the following commands:
    sudo firewall-cmd --permanent --add-masquerade
    sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
I was reading about firewalld and iptables, and some people have
written[2] that the 1st command should already add a rule similar to the
2nd one, I guess without the specific subnet range. Why not use only
the 2nd command? What is the benefit of also running the 1st?
Regarding the -o eth1: I have multiple public IP addresses, each with
its own interface. How do I force NAT/MASQUERADE of the openvpn
subnet to the IP address (interface) of my choice? Is -o eth1
detecting traffic that is already routed out of interface eth1? If yes,
where does the routing happen? If no, can I change it to -o eth2 to get what
I want? (BTW openvpn is only listening on port 1194 on the IP address
that's on eth2.)
Another question: I read[3] "if you use default public zone for your
external facing network adapter then your loopback interface could
also be masqueraded", which I am concerned about. How do I test whether
this is the case, and what are the side effects?
[1] https://www.digitalocean.com/community/tutorials/how-to-setup-and-configu...
[2] https://www.reddit.com/r/linuxadmin/comments/7iom6e/what_does_firewallcmd...
[3] https://unix.stackexchange.com/a/149193
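An added example (not part of the question above, and not firewalld's own tooling) for the "how do I test if loopback could be masqueraded" part: it reads `iptables-save -t nat` output and prints every MASQUERADE rule that is not scoped by a source subnet, an egress interface, or a "! -o lo" exclusion. The rule text below is a constructed sample of what firewalld's zone and direct chains can look like; the chain names and the exact rules firewalld emits vary by version, so on a real host feed it the actual `iptables-save -t nat` output.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output (not captured from a real host).
# It contains the direct rule from the tutorial (scoped to 10.8.0.0/24 and eth1),
# a zone rule that excludes loopback, and a bare zone rule that does not.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:POSTROUTING_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POST_public_allow - [0:0]
:POST_internal_allow - [0:0]
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_direct -s 10.8.0.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING_ZONES -o eth2 -g POST_internal_allow
-A POSTROUTING_ZONES -g POST_public_allow
-A POST_internal_allow ! -o lo -j MASQUERADE
-A POST_public_allow -j MASQUERADE
COMMIT'

# Print each MASQUERADE rule that has no "-s <subnet>", no "-o <iface>" and
# no "! -o lo". Such a rule matches whatever packets reach its chain; if the
# chain is a default-zone catch-all (reached without an -o match, as
# POST_public_allow is above), traffic leaving via lo is included.
unscoped_masquerade_rules() {
    awk '
        /-j MASQUERADE/ {
            scoped = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-s") scoped = 1                        # limited to a source subnet
                if ($i == "-o" && $(i-1) != "!") scoped = 1       # limited to one egress interface
                if ($i == "!" && $(i+1) == "-o" && $(i+2) == "lo") scoped = 1  # loopback excluded
            }
            if (!scoped) print
        }'
}

# Convenience wrapper: run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_NAT" | unscoped_masquerade_rules
}

# On a real host use:  iptables-save -t nat | unscoped_masquerade_rules
audit_sample
```

Only the bare `-A POST_public_allow -j MASQUERADE` line is reported; the direct rule and the `! -o lo` rule are both considered scoped.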