Reply To: ip_conntrack working?


#45235

imported_fulvio
Participant

You should not use the BRIDGE00 interface in your iptables rules, but its components VPN00 and ETH00, and then it makes no sense to use NEW and ESTABLISHED together.
If, for example, you want only the connections initiated from your LAN to be forwarded to the VPN, you just have to configure the firewall to look like the following:

Chain FORWARD (policy ACCEPT 7 packets, 588 bytes)
 pkts bytes target  prot opt in     out  source     destination
    8   672 ACCEPT  all  --  VPN00  *    0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 DROP    all  --  VPN00  *    0.0.0.0/0  0.0.0.0/0
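
The following is an added example, not part of the original post: a simplified Python model (not real netfilter code) of how the two rules above evaluate with connection tracking, next to a rule set that matches NEW and ESTABLISHED together on VPN00. The `Firewall` class, the `demo` function, the `NEW_AND_ESTABLISHED` rule set and the endpoint addresses are assumptions constructed for illustration.

```python
# Simplified model of the FORWARD chain in the post; not real netfilter code.
# Equivalent commands (standard iptables syntax):
#   iptables -A FORWARD -i VPN00 -m state --state RELATED,ESTABLISHED -j ACCEPT
#   iptables -A FORWARD -i VPN00 -j DROP

POLICY = "ACCEPT"  # chain policy shown in the listing
POSTED_RULES = [
    ("VPN00", {"RELATED", "ESTABLISHED"}, "ACCEPT"),
    ("VPN00", None, "DROP"),  # None = any state
]
# Assumed shape of a rule that matches NEW together with ESTABLISHED on VPN00.
NEW_AND_ESTABLISHED = [
    ("VPN00", {"NEW", "ESTABLISHED"}, "ACCEPT"),
    ("VPN00", None, "DROP"),
]


class Firewall:
    def __init__(self, rules, policy=POLICY):
        self.rules, self.policy = rules, policy
        self.flows = {}  # (src, dst) of the first packet -> reply seen?

    def _state(self, src, dst):
        # ESTABLISHED: a reply to a tracked flow, or the original direction
        # once a reply has been seen. Everything else is NEW.
        known = (dst, src) in self.flows or self.flows.get((src, dst))
        return "ESTABLISHED" if known else "NEW"

    def forward(self, in_if, src, dst):
        """Return the verdict for one packet and update the flow table."""
        state = self._state(src, dst)
        verdict = self.policy
        for rule_if, states, target in self.rules:  # first match wins
            if rule_if == in_if and (states is None or state in states):
                verdict = target
                break
        if verdict == "ACCEPT":  # only accepted packets are tracked
            if (dst, src) in self.flows:
                self.flows[(dst, src)] = True  # reply seen
            else:
                self.flows.setdefault((src, dst), False)
        return verdict


def demo(rules):
    fw = Firewall(rules)
    lan, remote = "192.168.0.10:40000", "10.8.0.5:22"  # constructed endpoints
    return [
        fw.forward("ETH00", lan, remote),  # LAN opens a connection
        fw.forward("VPN00", remote, lan),  # reply arriving from the VPN side
        fw.forward("VPN00", "10.8.0.9:51000", "192.168.0.10:445"),  # VPN-initiated
    ]
```

With `POSTED_RULES` the VPN-initiated packet is dropped while the reply to the LAN-initiated connection passes; with `NEW_AND_ESTABLISHED` all three packets are accepted, so the rule no longer distinguishes who opened the connection.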