VH-BIL
New Around Here
I have selective routing working from the instructions on this page. I want to still be able to port forward to my server from my WAN address. If I do not run the openvpn-event and firewall-start scripts, port forwarding works fine. Is there something I can add to one of the scripts to keep the port forwarding working?
The server has 2 interfaces:
192.168.69.250
192.168.69.240 (anything bound to 240 should go through the VPN)
I am forwarding ports on the router:
7990 -> 192.168.69.250 (Atlassian Stash)
8080 -> 192.168.69.250 (Atlassian Jira)
80 -> 192.168.69.250 (Web Server)
My openvpn-event script:
Code:
#!/bin/sh
# openvpn-event: rebuild the policy routing each time the VPN client fires an event.
# Traffic marked with fwmark 1 is looked up in table 100, whose default route is
# the WAN gateway; unmarked traffic uses the main table, whose default route is
# the tunnel (tun11) once the client is up.
sleep 2

# Disable reverse-path filtering so marked (asymmetrically routed) traffic is not dropped.
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
  echo 0 > $i
done

# Start from a clean table 100 and rule set (the rule del fails harmlessly on the first run).
ip route flush table 100
ip rule del fwmark 1 table 100 2>/dev/null
ip route flush cache
iptables -t mangle -F PREROUTING

# Copy every main-table route except the default and the tunnel routes into
# table 100, then give table 100 a default route through the WAN gateway.
ip route show table main | grep -Ev '^default' | grep -Ev 'tun11' \
| while read ROUTE ; do
  ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache

# Mark all LAN traffic for the WAN table, then clear the mark again for the
# hosts that must use the VPN (.240-.249); the later rule wins for those sources.
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.69.240-192.168.69.249 -j MARK --set-mark 0

# Exit cleanly; a non-zero status signals failure to the caller.
exit 0
My firewall-start script:
Code:
#!/bin/sh
# firewall-start: re-applied each time the firewall is rebuilt. Allows LAN <-> VPN
# forwarding, stops the VPN-only hosts from leaking out any other interface, and
# NATs LAN traffic leaving through the tunnel.
sleep 4

# Allow LAN <-> tunnel forwarding.
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT

# Kill switch: the VPN-only hosts (.240-.249) may only be forwarded out tun11.
# Inserted after the ACCEPT rules, so it ends up above them in the chain.
iptables -I FORWARD ! -o tun11 -m iprange --src-range 192.168.69.240-192.168.69.249 -j DROP

# Refuse unsolicited connections arriving from the tunnel.
iptables -I INPUT -i tun11 -j REJECT

# Masquerade LAN traffic leaving through the tunnel.
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

# The script must be executable. Run this once from a shell, not from the script itself:
#   chmod a+rx /jffs/scripts/firewall-start
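The openvpn-event script above only works if three things are actually in place afterwards: an `ip rule` sending fwmark 1 to table 100, a default route in table 100 via the WAN gateway, and a default route in the main table via tun11. The following diagnostic is an added example, not part of the original post or of the firmware: it parses the output of `ip rule show` and `ip route show` and reports which of those conditions hold. On the router it reads the live tables and `nvram get wan_gateway` (the same variable the script uses); anywhere else it falls back to constructed sample output, in which the WAN gateway 203.0.113.1, the WAN interface eth0 and the tunnel peer 10.8.0.5 are placeholders, not values from the post.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): verify that the fwmark -> table 100
# policy routing set up by the openvpn-event script is installed.

# Return 0 if an `ip rule show` listing contains a rule sending fwmark MARK (hex,
# as the kernel prints it, optionally with a /mask) to table TABLE.
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq "fwmark $2(/0x[0-9a-f]+)? lookup $3\$"
}

# Print the gateway of the default route in an `ip route show table N` listing.
# Prints nothing and returns 1 if the table has no "default via" route.
table_default_gw() {
    _gw=$(printf '%s\n' "$1" | awk '$1=="default" && $2=="via" {print $3; exit}')
    [ -n "$_gw" ] || return 1
    printf '%s\n' "$_gw"
}

# Print the output interface of the default route in a route listing. Unmarked
# traffic (the VPN-only hosts) follows the main table, so this should be tun11.
main_default_dev() {
    _dev=$(printf '%s\n' "$1" | awk '$1=="default" {for(i=1;i<=NF;i++) if($i=="dev") {print $(i+1); exit}}')
    [ -n "$_dev" ] || return 1
    printf '%s\n' "$_dev"
}

# Run all checks against the given rule listing, table 100 listing, main table
# listing and expected WAN gateway. Returns 0 only if the policy routing is intact.
check_policy_routing() {
    rules=$1; t100=$2; main=$3; wan_gw=$4; ok=0
    if has_fwmark_rule "$rules" 0x1 100; then
        echo "ok: rule 'fwmark 0x1 lookup 100' present"
    else
        echo "FAIL: no 'fwmark 0x1 lookup 100' rule; marked traffic falls through to the main table"; ok=1
    fi
    gw=$(table_default_gw "$t100") || { echo "FAIL: table 100 has no default route"; ok=1; }
    if [ -n "$gw" ] && [ "$gw" = "$wan_gw" ]; then
        echo "ok: table 100 default via WAN gateway $gw"
    elif [ -n "$gw" ]; then
        echo "FAIL: table 100 default via $gw, expected WAN gateway $wan_gw"; ok=1
    fi
    dev=$(main_default_dev "$main") || { echo "FAIL: main table has no default route"; ok=1; }
    if [ "$dev" = "tun11" ]; then
        echo "ok: main table default via tun11 (VPN-only hosts use the tunnel)"
    elif [ -n "$dev" ]; then
        echo "WARN: main table default via $dev, not tun11 (is the VPN client up?)"
    fi
    return $ok
}

# Constructed sample output, shaped like what `ip rule show` and `ip route show`
# print after the openvpn-event script has run. Addresses are placeholders.
SAMPLE_RULES='0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
32767:	from all lookup default'
SAMPLE_T100='default via 203.0.113.1 dev eth0
192.168.69.0/24 dev br0 proto kernel scope link src 192.168.69.1'
SAMPLE_MAIN='default via 10.8.0.5 dev tun11
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.7
192.168.69.0/24 dev br0 proto kernel scope link src 192.168.69.1'
SAMPLE_WAN_GW=203.0.113.1

# On the router (ip and nvram both present) check the live state; otherwise
# run against the constructed sample so the script can be exercised offline.
if command -v ip >/dev/null 2>&1 && command -v nvram >/dev/null 2>&1; then
    check_policy_routing "$(ip rule show)" "$(ip route show table 100)" "$(ip route show)" "$(nvram get wan_gateway)"
else
    check_policy_routing "$SAMPLE_RULES" "$SAMPLE_T100" "$SAMPLE_MAIN" "$SAMPLE_WAN_GW"
fi
```

Run it right after the VPN client connects (or call it from the end of openvpn-event) and again after a firewall restart; a FAIL on the table 100 default route or on the fwmark rule means marked traffic from hosts such as 192.168.69.250 is no longer being steered to the WAN gateway. If the router maps table 100 to a name in /etc/iproute2/rt_tables, `ip rule show` prints that name instead of the number and the rule check needs the same name.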