echo "1" > /proc/sys/net/ipv4/ip_forward
/etc/sysconfig/iptables
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.9.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.11.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.15.0/24 -j MASQUERADE -o eth0
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
I need some help configuring OpenVPN on CentOS 7 using firewalld.
I used iptables on CentOS 6.5 and only had to add the following lines to /etc/sysconfig/iptables:
-A POSTROUTING -s "10.0.0.0/24" -o "wlan0" -j MASQUERADE
-A FORWARD -p tcp -s 10.0.0.0/24 -d 0.0.0.0/0 -j ACCEPT
run the command: echo 1 > /proc/sys/net/ipv4/ip_forward
open port 443.
Use the firewall-cmd command.
Assuming you're opening the firewall up to OpenVPN on the default zone, carry out the following commands. If you are running it on a non-default zone, then add --zone= to the commands.
First, list what's currently open:
# firewall-cmd --list-services
http https ssh
Next, add the openvpn service:
# firewall-cmd --add-service openvpn
success
A quick check:
# firewall-cmd --list-services
http https openvpn ssh
The above will allow openvpn to work, which you can now test. However, it won't last over restarts. To make it permanent, add the --permanent option:
# firewall-cmd --permanent --add-service openvpn
success
Note that this last command doesn't open the port until the next restart, so you need to use both commands.
Finally, add the masquerade:
# firewall-cmd --add-masquerade
success
And make it permanent after a restart:
# firewall-cmd --permanent --add-masquerade
success
Confirm it:
# firewall-cmd --query-masquerade
yes
Note that if your incoming OpenVPN connection is in a different zone to your Internet-facing connection, the masquerade should be on the latter and you'll need to use the --zone= option with the --add-masquerade commands.
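
A check that follows from the answer above, as an added example that is not part of the original post: it compares the runtime and permanent firewalld state for the openvpn service and for masquerading, so a setting made with only one of the two commands is flagged. The FWCMD variable, the function names and the zone names in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit runtime vs permanent firewalld state for the two
# settings the answer configures. FWCMD is this example's own variable so
# the binary can be replaced by a stub when testing.
FWCMD="${FWCMD:-firewall-cmd}"

# query_state ZONE runtime|permanent QUERY-OPTION -> prints "yes" or "no"
# firewall-cmd --query-* options exit 0 for yes and non-zero for no.
query_state() {
    zone=$1 scope=$2 query=$3
    set -- "--zone=$zone" "$query"
    if [ "$scope" = permanent ]; then set -- --permanent "$@"; fi
    if $FWCMD "$@" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# check_setting ZONE LABEL QUERY-OPTION -> one status line; returns 0 only
# when the setting is present in both runtime and permanent configuration.
check_setting() {
    rt=$(query_state "$1" runtime "$3")
    pm=$(query_state "$1" permanent "$3")
    case "$rt/$pm" in
        yes/yes) verdict="ok" ;;
        yes/no)  verdict="runtime only: lost on restart, repeat with --permanent" ;;
        no/yes)  verdict="permanent only: not active in the running firewall" ;;
        *)       verdict="not configured" ;;
    esac
    printf '%-11s zone=%s runtime=%s permanent=%s -> %s\n' \
        "$2" "$1" "$rt" "$pm" "$verdict"
    [ "$verdict" = ok ]
}

# audit_openvpn SERVICE_ZONE [MASQ_ZONE]
# MASQ_ZONE is the zone of the Internet-facing connection; it defaults to
# SERVICE_ZONE for the single-zone case.
audit_openvpn() {
    svc_zone=$1 masq_zone=${2:-$1} rc=0
    check_setting "$svc_zone" openvpn --query-service=openvpn || rc=1
    check_setting "$masq_zone" masquerade --query-masquerade || rc=1
    return $rc
}

# Usage (as root): sh audit.sh public external
if [ $# -gt 0 ]; then audit_openvpn "$@"; fi
```

A non-zero exit status means at least one of the two settings is missing from the runtime or the permanent configuration of the zone that was checked.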