
#1 2015-01-22 23:44:02

enihcam

(iptables) can see traffic from tun0, but not forwarding to wlan0

Hi all,
I'm trying to set up a ShadowVPN client on my router so that all my LAN computers can share the VPN. Running 'sudo tcpdump -i tun0 -P in' on the client, I can see the expected HTTP responses sent back from the ShadowVPN server; however, they are not being routed and forwarded to wlan0 (my local wireless network). Any ideas?

Here is my iptables configuration:

# iptables-save dump of a router that sends selected LAN traffic through a
# ShadowVPN tun0 interface; other LAN traffic exits via ppp0.
# NOTE(review): net.ipv4.ip_forward, rp_filter, and the `ip rule`/`ip route`
# policy-routing entries that consume the 0xffff mark are not on this page.
# Those settings decide whether a packet reaches FORWARD at all. The counters in
# this dump (mangle FORWARD [1:125], filter FORWARD policy [0:0]) suggest the
# missing tun0->wlan0 traffic is not being dropped by FORWARD's DROP policy; it
# appears not to be reaching the FORWARD chain in the first place.
*mangle
 :PREROUTING ACCEPT [19:1277]
 :INPUT ACCEPT [18:1152]
 :FORWARD ACCEPT [1:125]
 :OUTPUT ACCEPT [12:1154]
 :POSTROUTING ACCEPT [13:1279]
 :FWMARK - [0:0]
# Only packets entering on wlan0 are classified; the router's own traffic
# (OUTPUT) and anything arriving on ppp0/tun0 are never marked.
 -A PREROUTING -i wlan0 -j FWMARK
# Destinations that are NOT in the 'chnroute' ipset get fwmark 0xffff (the
# /0xffffffff mask replaces the whole mark). Presumably chnroute holds the
# address ranges that should bypass the VPN — confirm against the ipset itself.
 -A FWMARK -m set ! --match-set chnroute dst -j MARK --set-xmark 0xffff/0xffffffff
 COMMIT

*nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [1:122]
 :POSTROUTING ACCEPT [1:122]
# LAN -> ppp0 is masqueraded only for the 192.168.1.0/24 source range ...
 -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
# ... whereas everything leaving via tun0 is masqueraded regardless of source.
# Replies from the VPN server are therefore addressed to tun0's own address and
# are un-NATed by conntrack before the filter FORWARD chain sees them.
 -A POSTROUTING -o tun0 -j MASQUERADE
 COMMIT

*filter
# Default-deny for traffic addressed to the router and for forwarded traffic;
# the router's own outbound traffic is unrestricted.
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [20:3058]
# TCP/UDP are reached only by NEW connections (see INPUT below). They contain
# no ACCEPT rules, so every new connection that enters them is eventually
# rejected; they serve as the 'recent'-based port-scan throttle.
 :TCP - [0:0]
 :UDP - [0:0]
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
# The LAN may reach the router itself. There is no equivalent rule for tun0 or
# ppp0, so new TCP/UDP connections from those interfaces fall through to the
# handling below; other protocols (e.g. ICMP) from them hit the DROP policy.
 -A INPUT -i wlan0 -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
# New TCP (pure SYN) and UDP go to the per-protocol chains; a source already on
# the matching PORTSCAN list within the last 60 s is rejected there (see the
# -A TCP / -A UDP rules at the bottom); otherwise control returns here.
 -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
 -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
# Any TCP/UDP still unmatched: record the source address (/32 mask) on the
# PORTSCAN list and reject it.
 -A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
 -A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
# Forwarding: replies to existing connections are accepted on any interface.
# This covers tun0->wlan0 reply traffic (the -i tun0 rule below would match it
# too).
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# The LAN may open connections out of either uplink.
 -A FORWARD -i wlan0 -j ACCEPT
# NOTE(review): this accepts NEW connections arriving from the VPN side and
# forwards them into the LAN, not just replies (those are already covered by the
# ESTABLISHED rule above). If only reply traffic is wanted, this rule is broader
# than needed.
 -A FORWARD -i tun0 -j ACCEPT
# MSS clamping on outbound SYNs is applied only on the ppp0 path; forwarded TCP
# that leaves via tun0 is not clamped (tun0's MTU is not shown on this page).
 -A FORWARD -s 192.168.1.0/24 -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Port-scan throttle: reject (and refresh the 60 s window for) sources that are
# already on the respective PORTSCAN list; unknown sources fall back to INPUT.
 -A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
 -A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
 COMMIT

Last edited by enihcam (2015-01-22 23:44:24)

