panda1410
DD-WRT Novice
Joined: 21 Sep 2010
Posts: 4
|
 Posted: Wed Sep 22, 2010 11:08 Post subject: [iptables] Routing NAS download port only through VPN |
 |
Hi I'm actually trying to replace my old computer that I'm using as a download station through a vpn (ipredator) client by a Synology NAS which has an internal download client.
I also want to use this NAS as a network hard disk that I can access from my local network.
That's why I turned on again my Linksys WRT54g to use it as a VPN client and a router to forward correctly paquets through VPN or local network.
After lot's of research I've found some interesting tutorials which helped me a lot to configure the VPN client through OpenVPN.
I actually succeed in connecting the VPN provider vpntunnel.se but I'm trying to have a much more better routing that is explained in basic tutorials :
| Quote: |
iptables -I FORWARD -i br0 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o br0 -j ACCEPT
iptables -I INPUT -i tap0 -j REJECT
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE |
I've learned a lot about iptables and NAT (I was starting from zero)and even if I've basicaly understood the syntax I'm still unable to write some rules that currently work for my personnal network.
Here is a basic picture of my network's architecture.
Indeed I want to forward only the download port (6881~6890) of my NAS thought the VPN (vpntunnel.se)and al the other traffic through my actual local network (to do some backup or timemachine plus DLNA) and my modem with my real public IP adress (accessing NAS remotely from internet)
I also want to use the linksys WLAN to make it an access point connected directly through the VPN to sometimes use it to surf anonymously with a laptop. The Freebox router and WLAN 802.11n will be the main wifi access to my local network and internet.
The "freebox" that you can see at the top of the picture is the modem/router/WLAN of my french ISP and is not really customizable as you can only do some basic port forwarding and DHCP static ip assignment.
That' why I'm refering to your community to help me in my installation.
Could you first tell me if my network architecture is correct (especially the WAN LAN wiring of my Linksys)
Secondly could you help me to redact my iptables rules as all my attemps lead to failure and router freeze...
Here is my ideas about routing :
NAS (vlan0) 6881~6890 ->VPN (tap0)
NAS (vlan0) (everything else) ->WAN linksys (vlan1)=LAN Freebox ?
Wifi (eth1)->VPN (tap0)
Here is my last attemp of writing iptables :
| Quote: |
iptables -I FORWARD -i vlan0 -o tap0 -s 192.168.1.2 -p tcp -sport 6881:6890 -j ACCEPT
iptables -I FORWARD -i vlan0 -o tap0 -s 192.168.1.2 -p udp -sport 6881:6890 -j ACCEPT
iptables -I FORWARD -i tap0 -o vlan0 -p tcp -sport 6881:6890 -j ACCEPT
iptables -I FORWARD -i tap0 -o vlan0 -p udp -sport 6881:6890 -j ACCEPT
iptables -I FORWARD -i eth1 -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -o eth1 -j ACCEPT
iptables -I FORWARD -i vlan0 -o vlan1 -sport ! 6881:6890 -j ACCEPT
iptables -I FORWARD -i vlan1 -o vlan0 -sport ! 6881:6890 -j ACCEPT
iptables -I INPUT -i vlan1 -j ACCEPT
iptables -I INPUT -i tap0 -j REJECT
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
|
my freebox is actually set DHCP server ON to give ip adresses in my local network.
Should I turn the DHCP server of ddwrt ON or OFF as it seem to give IP adresses for WLAN clients which want to connect through the VPN?
Thanks a lot in advance for all your advices and already thanks for your community which gave me the oportunity to turn my linksys router into a professionnal one.
and sorry for my english which can be weird sometimes  |
|
