OpenVPN and firewall rules on RHEL 5 or CentOS 5
It took me a bit too long to figure out how to add a masquerade rule to the server’s firewall so openvpn clients can reach the Intarweb too. So here it is in case you are looking to do the same:
# service iptables stop
# iptables -t nat -A POSTROUTING -s <network/cidr> -o <interface> -j MASQUERADE
# service iptables save
# service iptables restart
Example of <network/cidr>: 10.0.1.0/24
Example of <interface>: eth0
You can find the added rule in /etc/sysconfig/iptables (this is the file "service iptables save" writes).
And make sure that you have IP forwarding enabled too, or else it will still not work:
# echo "1" > /proc/sys/net/ipv4/ip_forward
Note that writing to /proc only lasts until the next reboot; to keep forwarding enabled permanently, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
Update:
The solution above does not cover the situation where you already have firewall rules active and want to *add* the masquerading rule to your existing firewall rules. The solution is explained below. Note that you do *not* stop your active firewall to make this work. You should also make a backup of your existing firewall rules so you can go back to the original firewall configuration in case something goes wrong.
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
# iptables -t nat -A POSTROUTING -s <network/cidr> -o <interface> -j MASQUERADE
# service iptables save
# service iptables restart
That’s it. If you open /etc/sysconfig/iptables you should see the masquerading rule at the top. And if you issue the command “service iptables status” then you should see the new masquerading rule active.
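The two procedures above append the rule blindly, so running them twice leaves you with duplicate MASQUERADE entries, and the echo into /proc is lost on reboot. The script below is an added example, not part of the original post: it wraps the same steps in a re-runnable form for RHEL/CentOS 5, validating the network argument before it reaches the iptables command line, adding the rule only when it is not already active, restricting NAT to the VPN subnet with -s, and persisting ip_forward in /etc/sysctl.conf. The helper names (valid_cidr, has_masquerade_rule, ip_forward_enabled, apply_masquerade) and the sample rules file are my own; the system paths are the stock RHEL 5 ones. With no arguments it only exercises the checks against constructed sample files; "sh masq.sh apply 10.0.1.0/24 eth0" as root changes the firewall.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of the masquerade
# procedure for RHEL/CentOS 5. Assumes the stock layout: rules persisted in
# /etc/sysconfig/iptables by "service iptables save", sysctl settings in /etc/sysctl.conf.
# Usage: sh masq.sh apply <network/cidr> <interface>   (root, changes the system)
#        sh masq.sh                                     (self-check on sample files only)

# Accept only a dotted-quad IPv4 network with a /0-32 prefix, e.g. 10.0.1.0/24.
# The value is interpolated into an iptables command line, so anything else is rejected.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  vc_addr=${1%/*}; vc_bits=${1#*/}
  case "$vc_bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$vc_bits" -le 32 ] || return 1
  # Split on dots; set -f stops a "*" in the input from expanding to file names.
  vc_ifs=$IFS; IFS=.; set -f; set -- $vc_addr; set +f; IFS=$vc_ifs
  [ $# -eq 4 ] || return 1
  for vc_o in "$@"; do
    case "$vc_o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$vc_o" -le 255 ] || return 1
  done
}

# True if a saved-rules file (the format "service iptables save" / iptables-save writes)
# already holds the MASQUERADE rule for this network and interface. Older iptables
# releases print the mask in dotted form (10.0.1.0/255.255.255.0) instead of /24,
# so both spellings are accepted.
has_masquerade_rule() {
  hm_addr=$(printf '%s' "${2%/*}" | sed 's/\./\\./g')
  grep -Eq -- "^-A POSTROUTING -s ${hm_addr}(/[0-9.]+)? -o $3 -j MASQUERADE" "$1"
}

# True if the forwarding flag file (/proc/sys/net/ipv4/ip_forward or a sample copy) reads 1.
ip_forward_enabled() {
  [ "$(cat "$1")" = 1 ]
}

# Apply on the real system: back up, add the rule only if it is missing, turn on and
# persist forwarding, then save. "-s" keeps NAT limited to the VPN subnet rather than
# every packet the box happens to forward.
apply_masquerade() {
  valid_cidr "$1" || { echo "invalid network: $1" >&2; return 2; }
  cp /etc/sysconfig/iptables "/etc/sysconfig/iptables.backup.$(date +%Y%m%d%H%M%S)" || return 1
  am_live=$(mktemp) || return 1
  iptables-save -t nat > "$am_live"
  if has_masquerade_rule "$am_live" "$1" "$2"; then am_present=0; else am_present=1; fi
  rm -f "$am_live"
  if [ "$am_present" -eq 0 ]; then
    echo "masquerade rule for $1 via $2 already active, not adding it again"
  else
    iptables -t nat -A POSTROUTING -s "$1" -o "$2" -j MASQUERADE || return 1
  fi
  # Set forwarding live and in /etc/sysctl.conf so it survives a reboot.
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  sed -i 's/^net\.ipv4\.ip_forward *=.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
  service iptables save
}

# Constructed sample files so the checks can be exercised without root or a real firewall.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_RULES=$SAMPLE_DIR/iptables
cat > "$SAMPLE_RULES" <<'EOF'
# Constructed sample in the format "service iptables save" writes
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.1.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
SAMPLE_FWD_ON=$SAMPLE_DIR/ip_forward_on;   echo 1 > "$SAMPLE_FWD_ON"
SAMPLE_FWD_OFF=$SAMPLE_DIR/ip_forward_off; echo 0 > "$SAMPLE_FWD_OFF"

if [ "${1:-}" = apply ]; then
  apply_masquerade "$2" "$3"
else
  has_masquerade_rule "$SAMPLE_RULES" 10.0.1.0/24 eth0 && echo "sample rules: masquerade for 10.0.1.0/24 via eth0 is present"
  ip_forward_enabled "$SAMPLE_FWD_OFF" || echo "sample ip_forward reads 0: clients would not reach the outside"
fi
```

The checks only cover the nat rule and the forwarding flag; if your existing filter rules reject traffic in the FORWARD chain, VPN clients will still need a matching ACCEPT there, which this script deliberately does not add for you.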