From cd182a9f5f33ea443e70a729c6bb8f1f3893c4c8 Mon Sep 17 00:00:00 2001
From: Pijus Kamandulis
Date: Fri, 7 Jun 2019 01:17:57 +0300
Subject: [PATCH] Create openvpn_server_iptables.sh
---
 networking/openvpn_server_iptables.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 networking/openvpn_server_iptables.sh
diff --git a/networking/openvpn_server_iptables.sh b/networking/openvpn_server_iptables.sh
new file mode 100644
index 0000000..4407118
--- /dev/null
+++ b/networking/openvpn_server_iptables.sh
@@ -0,0 +1,17 @@
+# Allow TUN interface connections to OpenVPN server
+iptables -A INPUT -i tun+ -j ACCEPT
+#iptables -A OUTPUT -o tun+ -j ACCEPT # If default iptables OUTPUT value is not ACCEPT
+
+# Allow TUN interface connections to be forwarded through other interfaces
+iptables -A FORWARD -i tun+ -j ACCEPT
+iptables -A FORWARD -i tun+ -o ens2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i ens2 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# NAT the VPN client traffic to the internet
+iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens2 -j MASQUERADE
+
+# Forward ports to clients
+iptables -t nat -A PREROUTING -p tcp -i ens2 --dport 80 -j DNAT --to-destination 10.8.0.6:80
+iptables -A FORWARD -p tcp -d 10.8.0.6 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A PREROUTING -p udp -i ens2 --dport 1337 -j DNAT --to-destination 10.8.0.6:1337
+iptables -A FORWARD -p udp -d 10.8.0.6 --dport 1337 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
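Review bot: The unconditional `iptables -A FORWARD -i tun+ -j ACCEPT` at the top of the forwarding section forwards traffic from VPN clients to every interface and destination, so the `-i tun+ -o ens2 … RELATED,ESTABLISHED` rule right after it can never match a packet the first rule has not already accepted, and any other network attached to the server is reachable from the tunnel. If the intent is internet egress through ens2 only, tighten it to `iptables -A FORWARD -i tun+ -o ens2 -j ACCEPT` so the state rules carry the return traffic. The file also has no shebang and no `set -euo pipefail`, and every rule is added with `-A`, so running it twice appends a duplicate of each rule instead of replacing it; a header comment should say that it is meant to be applied once to a flushed ruleset, that `ens2`, `10.8.0.0/24` and `10.8.0.6` are deployment-specific values, and that IP forwarding must be enabled in the kernel for the FORWARD and NAT rules to have any effect. The two DNAT rules plus their FORWARD rules accept NEW connections from any source on ens2 to ports 80 and 1337 of 10.8.0.6, which is presumably intended, but the `# Forward ports to clients` comment should state that these ports are published to the internet so a reader does not mistake them for VPN-only access.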