> # Company: PowerCraft Technology
> # Author: Copyright Jelle de Jong <jelledejong@powercraft.nl>
> # Note: Please send me an email if you enhanced the document
-> # Date: 2010-05-24
+> # Date: 2010-05-24 / 2010-07-04
> # License: CC-BY-SA
>
> # This document is free documentation; you can redistribute it and/or
>
> #-----------------------------------------------------------------------
>
+> # watch out when using multiple dhcp clients there can be conflicts
+>
> echo 'interface "tun1" {
> request subnet-mask, broadcast-address, time-offset,
> host-name, netbios-scope, interface-mtu, ntp-servers;
> post-up route del default dev tun1 || true
> # pre-down /etc/init.d/munin-node stop || true
> # post-up /etc/init.d/munin-node restart || true
+> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
+> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
+> # optional # post-up route add -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
+> # optional # pre-down route del -net 192.168.2.0 netmask 255.255.255.0 tun1 || true
>
> #-----------------------------------------------------------------------
>
> lsof -i :656
>
> #-----------------------------------------------------------------------
+>
+> # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
+> /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
+> /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
+>
+> # Use masquerade so the outside world sees only one ip source for all outgoing trafic
+> /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
+>
+> #-----------------------------------------------------------------------
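Review bot: The two added FORWARD rules accept every packet between `${VPN01}` and `${LAN01}` in both directions, while the comment above them describes only new connections from the VPN towards the local network. If the LAN side is only meant to answer, the return rule can be limited to reply traffic, e.g. `/sbin/iptables --append FORWARD --in-interface "${LAN01}" --out-interface "${VPN01}" --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT`. Neither variable is defined in the visible lines, so the document should state what they must be set to (presumably the tun and LAN interface names), and the expansions should be quoted so that an empty value makes iptables fail instead of shifting its arguments. The MASQUERADE comment mentions "the outside world", but the rule rewrites traffic leaving `${VPN01}`, so it would help to say that VPN peers will see all LAN hosts as the gateway's single address, which also removes per-host attribution from logs on the VPN side.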