Hi why you use MASQUERADE (it's nowadays obsolete) iptables --table nat …

Friday, 26th April 2024

Comment on How to make GRE tunnel iptables port redirect on Linux by admin.

Hi why you use MASQUERADE (it's nowadays obsolete)
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

I would suggest you remove these rules and use instead:

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -d 192.168.5.0/24 -j SNAT --to-source 192.168.5.9
# iptables SNAT rules for OpenVPN addrs routing from 10.8.0.0 to access 192.168.5.0
/sbin/iptables -t nat -I POSTROUTING -s 192.168.5.0/24 -d 10.8.0.0/24 -j SNAT --to-source 10.8.0.1
# iptables SNAT rules to allow connected OpenVPN user to access Internet via 109.104.206.253
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j SNAT --to 108.104.205.254

Here I assume

192.168.5.0/24 is your network of hosts 192.168.5.1-255 on interface eth1
10.8.0.0 is the IP assigned to VPN-connected hosts
108.104.205.254 is your external (Internet) IP address configured on eth0

Hope this helps.
The rest of your rules seem OK.

If problems persist, try to temporarily comment out

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Best Georgi
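
Added example, not part of the original comment: a Python check over `iptables-save` text that flags the kind of rules the comment proposes replacing, namely a POSTROUTING MASQUERADE/SNAT rule with no `-s`/`-d` match and a FORWARD ACCEPT rule restricted only by interface. The sample ruleset is constructed from the rules quoted above; the function names and the flagging criteria are this example's own assumptions.

```python
import shlex

# Constructed sample in iptables-save format, built from the rules quoted in the comment.
SAMPLE = """\
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -d 192.168.5.0/24 -j SNAT --to-source 192.168.5.9
-A POSTROUTING -s 192.168.5.0/24 -d 10.8.0.0/24 -j SNAT --to-source 10.8.0.1
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 108.104.205.254
COMMIT
*filter
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

SCOPE_FLAGS = {"-s", "--source", "-d", "--destination"}

def parse_rule(line):
    """Split one '-A CHAIN ...' line into (chain, {flag: value}, target)."""
    tokens = shlex.split(line)
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            opts[tok] = "" if nxt.startswith("-") else nxt
    return tokens[1], opts, opts.get("-j") or opts.get("--jump", "")

def audit(ruleset):
    """Return (table, rule, reason) for NAT/FORWARD rules with no address scope."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # table header, e.g. "*nat"
        if not line.startswith("-A "):
            continue                   # skip COMMIT, chain policies, comments
        chain, opts, target = parse_rule(line)
        scoped = bool(opts.keys() & SCOPE_FLAGS)
        if table == "nat" and chain == "POSTROUTING" and target in ("MASQUERADE", "SNAT") and not scoped:
            findings.append((table, line, "source NAT not limited to a source or destination network"))
        elif table == "filter" and chain == "FORWARD" and target == "ACCEPT" and not scoped \
                and "--state" not in opts and "--ctstate" not in opts:
            findings.append((table, line, "forwarding limited only by interface"))
    return findings

if __name__ == "__main__":
    for table, rule, reason in audit(SAMPLE):
        print(f"[{table}] {rule}\n    -> {reason}")
```

On a live host the input would come from saving the output of `iptables-save` to a file and passing its contents to `audit()`.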

admin Also Commented

How to make GRE tunnel iptables port redirect on Linux
yes probably in the hurry will fix that thx 🙂
Glad it helped


Recent Comments by admin

Big Church Scandal in the Bulgarian Orthodox Church the developments on how the Church basic law Establishment document is illegally broken and hope and action for truth to be restored

What is rather fun is during the anti-protest organized by Metropolitan Nikolay (with people only from the Plovdiv eparchy just like in the good old times of communism was financed by the unwilling people to go to the event). It was lied that the reason for Nikolay people to protest is because this is a protest in front of the Synod against the accepting of gay marriages (what a lie!!!). Besides that there are many people from a village called Krepost (if not mistaken the village) who were (protestants!) and came to protest in favour of the new anti people legislation (even though not orthodox christians), because they were misled the protests are against the gays!

Metropolitan Nikolay has publicly asked priests in his eparchy to sign a document they're going to be present on the protests that should support the New Synodal "order". Those who were unwilling to cooperate of course can always be sent by their Metropolitan to a very distant village or even taken away their profession as priests so there was a lot of pressure put on those people.


A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church

From the archive: Christ's love conquers even death, Patriarch Neophyte maintained during his lifetime


A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church

The Bulgarian Patriarch Neophyte in Moscow on 8 March 2016, PART 2
 


Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
Hi Stan,

I guess you cannot read the writings on the icon as it is in cyrillic.
This is not Saint Mary and Saint Peter but Adam and Eve written in cyrillic on top of the icon.
Actually in orthodoxy it is a requirement for the depicted personalities, especially saints to have
written on the names of the saint and have the Halo. If you look closely at the picture you will notice
the two Adam and Eve are missing a Halo. The only person with a Halo in the icon is Saint John the Baptist.

Best Regards
Georgi


Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
       --rwo, --report-warnings-only
              This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may
              be used to force other items of information to be displayed.

       --sk, --skip-keypress
              When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key
              in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed.

         

