In this OpenVPN howto they have these iptables rules:
iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
which are made for a server with 2 NICs.
I only have one NIC.
What would these iptables rules look like for a server with only 1 NIC?
Answer 1
The above iptables rules are for this diagram:
client ----- (eth1) OpenVPN server (eth0) ----- LAN
   |                        |
   |________________(tun+)__|
so if you have only one NIC, something like this:
client ----- (eth0) OpenVPN server
   |                        |
   |________________(tun+)__|
you can write iptables rules like below:
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
Remove the last 3 FORWARD-chain rules.
Answer 2
In the example you linked, eth1 is the external interface, while eth0 is the LAN interface. Those iptables rules make it possible for VPN connections from the outside to access the local LAN.
You don't need them if using a single eth0, apart, maybe, from the lines:
iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
in case you have a default DROP policy in iptables (or if you use a software firewall interface, you need to allow connections to port 1194).
That said, what's the need for a VPN with just one ethernet interface? Or do you have a WAN and a LAN IP on the same interface?
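To verify that an existing ruleset on a single-NIC server keeps the two INPUT rules both answers retain when the INPUT policy is DROP, here is an added audit over an iptables-save dump. It is not from either answer; the function name and the sample dump are constructed for illustration.

```python
import re

# Constructed iptables-save output for a single-NIC OpenVPN server with a
# default-DROP INPUT policy (not from the original post). The tun+ rule is
# deliberately missing so the audit has something to report.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""


def audit_openvpn_input(dump, nic="eth0", port=1194):
    """Return a list of problems found in an iptables-save dump (hypothetical helper).

    With a DROP policy on INPUT, a single-NIC OpenVPN server still needs an
    ACCEPT for UDP <port> arriving on the physical NIC and an ACCEPT for
    traffic arriving on tun+. With an ACCEPT policy neither rule is required.
    """
    policy = None
    rules = []
    for line in dump.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
        elif line.startswith("-A INPUT "):
            rules.append(line)

    if policy != "DROP":
        return []  # nothing is blocked by default, so the extra rules are optional

    # Trailing spaces keep "--dport 1194 " from matching e.g. "--dport 11940".
    port_ok = any(f"-i {nic} " in r and "-p udp" in r
                  and f"--dport {port} " in r and r.endswith("-j ACCEPT")
                  for r in rules)
    tun_ok = any("-i tun+ " in r and r.endswith("-j ACCEPT") for r in rules)

    problems = []
    if not port_ok:
        problems.append(f"INPUT policy is DROP but no ACCEPT for udp/{port} on {nic}")
    if not tun_ok:
        problems.append("INPUT policy is DROP but no ACCEPT for traffic arriving on tun+")
    return problems
```

Feed it the real output of `iptables-save` to check a live box; an empty list means both rules are present or the policy is ACCEPT.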