iptables rules for two different lxc containers

arronar

A month and a half ago I was following an article posted on these forums (now deleted) that talked about setting up an OpenVPN server inside LXC containers. I don't remember its author to give credit, and the old link does not work.

So I followed this guide and until now I have the following.

I'm running two LXC containers on a VPS machine and, being new to the iptables area, I'm trying to create rules to forward external traffic into the containers. The first one (192.168.1.2) is running an OpenVPN server while the second one (192.168.1.4) is running a web server.
Until now I used only the OpenVPN LXC and had these iptables rules for forwarding the traffic:

Code:
    # Generated by iptables-save v1.4.21 on Fri Apr 28 16:07:58 2017
    *filter
    :INPUT ACCEPT [1189211:150089991]
    :FORWARD ACCEPT [902865:826112449]
    :OUTPUT ACCEPT [1324099:212970374]
    COMMIT
    # Completed on Fri Apr 28 16:07:58 2017
    # Generated by iptables-save v1.4.21 on Fri Apr 28 16:07:58 2017
    *nat
    :PREROUTING ACCEPT [36:1998]
    :INPUT ACCEPT [17:858]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Fri Apr 28 16:07:58 2017

Now that I want to set up the web server, I added this iptables rule in order to forward HTTP traffic to the web server container.

Code:
    iptables -t nat -A PREROUTING -p tcp -m conntrack --ctstate NEW --dport 80 -j DNAT --to-destination 192.168.1.4:80

The thing is that while the forwarding to port 80 seems to work (I can visit nginx's welcome page), OpenVPN clients don't have a proper internet connection (although they can ping the outside world). By this I mean that sites load very slowly and some others don't load at all (it seems that HTTP traffic is getting lost somewhere). If I remove the above rule, everything in the OpenVPN client connection works as expected, but I lose the HTTP server.

P.S.: The final rules are these:
Code:
    # Generated by iptables-save v1.4.21 on Fri Apr 28 16:39:24 2017
    *filter
    :INPUT ACCEPT [1190228:150215153]
    :FORWARD ACCEPT [902877:826113261]
    :OUTPUT ACCEPT [1325229:213163664]
    COMMIT
    # Completed on Fri Apr 28 16:39:24 2017
    # Generated by iptables-save v1.4.21 on Fri Apr 28 16:39:24 2017
    *nat
    :PREROUTING ACCEPT [1:44]
    :INPUT ACCEPT [1:44]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
    -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j DNAT --to-destination 192.168.1.4:80
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Fri Apr 28 16:39:24 2017

Are the rules that I've set right? Is there any way to use both of these protocols without the mentioned conflicts? Any hint is welcome.

Thank you.
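As an added example (not part of the original post), a small audit script that flags PREROUTING DNAT rules which are not bound to an ingress interface and rewrites them to match only the public interface: an unscoped DNAT rule also catches port-80 traffic entering the host from the LXC bridge, including the web traffic the OpenVPN container forwards for its clients. It assumes the VPS's public interface is eth0 (taken from the MASQUERADE rule above); override it via WAN_IF if yours differs.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save nat dump
# for PREROUTING DNAT rules that match on every ingress interface, and emit a
# variant bound to the public interface only.
# Assumption: the public interface is eth0, as in the post's MASQUERADE rule.
WAN_IF="${WAN_IF:-eth0}"

# Constructed sample: the nat rules from the post, as iptables-save prints them.
SAMPLE_RULES='-A PREROUTING -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
-A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j DNAT --to-destination 192.168.1.4:80
-A POSTROUTING -o eth0 -j MASQUERADE'

# A PREROUTING DNAT rule with no "-i <iface>" match applies to packets entering
# on *any* interface, the LXC bridge included.  HTTP that the OpenVPN container
# forwards on behalf of its clients is therefore redirected to the web server
# container instead of reaching the Internet.
unscoped_dnat() {
    printf '%s\n' "$1" | grep -- '^-A PREROUTING ' | grep -- '-j DNAT' | grep -v -- ' -i '
}

# Number of such rules (0 once every DNAT rule is bound to an interface).
count_unscoped() {
    unscoped_dnat "$1" | wc -l | tr -d ' '
}

# Rewrite every unscoped PREROUTING DNAT rule to match only on $WAN_IF; rules
# that are already scoped, and non-PREROUTING rules, pass through unchanged.
harden_rules() {
    printf '%s\n' "$1" | awk -v wan="$WAN_IF" '
        /^-A PREROUTING / && /-j DNAT/ && !/ -i / {
            sub(/^-A PREROUTING /, "-A PREROUTING -i " wan " ")
        }
        { print }'
}

# Stand-alone run: report findings for the sample and show the hardened rules.
echo "Unscoped PREROUTING DNAT rules: $(count_unscoped "$SAMPLE_RULES")"
unscoped_dnat "$SAMPLE_RULES"
echo "Hardened rules (each line is the argument list for 'iptables -t nat'):"
harden_rules "$SAMPLE_RULES"
```

On a live host, feed it `iptables-save -t nat` output instead of the embedded sample; the MASQUERADE rule on `-o eth0` stays as it is, since it already limits itself to the public interface.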