[Techtalk] iptables rules for openvpn review, please

John Clarke johnc+linuxchix at kirriwa.net
Wed Feb 28 03:28:01 UTC 2007

On Tue, Feb 27, 2007 at 07:14:52 -0800, Carla Schroder wrote:

Hi Carla,

> Yes. Death to NAT.


NAT's not that hard once you understand how iptables works.  You just
have to make sure that your forwarding rules use the addresses before or
after NAT, depending upon which chain they're in and whether its SNAT or

You'll still make mistakes though; I do, often :-/  Logging + tcpdump
helps when you do.

> Thanks, that is very helpful!

You're welcome.  Let me know if there's anything else I can do to help.


I was thinking about bolting them together with security screws and leaving 
contact poison on the only compatible screwdriver in  plain view.  Subtlety 
is important.
            -- Peter da Silva

More information about the Techtalk mailing list