=======================================================
iptables -L -v -n
=======================================================
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
28481 2771K ACCEPT     all  --  !eth0  *       0.0.0.0/0            0.0.0.0/0
24173 3206K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  211 12572 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194
    5   210 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1195
  628 65288 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
  177  9637 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
  366 53582 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 547M packets, 347G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7371K packets, 3395M bytes)
 pkts bytes target     prot opt in     out     source               destination

=======================================================
iptables -t nat -L -v -n
=======================================================
Chain PREROUTING (policy ACCEPT 6247K packets, 448M bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:444 to:10.0.0.29:443
    3   180 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:8080 to:10.0.0.29:443
10758  607K DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:18446 to:10.0.0.253
 2114  195K DNAT       udp  --  *      *       0.0.0.0/0            173.14.96.225       udp dpt:18446 to:10.0.0.253
 9272  470K DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:25 to:10.0.0.253
 5214  311K DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:80 to:10.0.0.253
    6   320 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:443 to:10.0.0.253
  192 11500 DNAT       tcp  --  eth0   *       0.0.0.0/0            173.14.96.225       tcp dpt:53 to:10.0.0.253
 4338  282K DNAT       udp  --  eth0   *       0.0.0.0/0            173.14.96.225       udp dpt:53 to:10.0.0.253
    9   468 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:25565 to:10.0.0.253
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            173.14.96.225       udp dpt:25565 to:10.0.0.253
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpts:20:21 to:10.0.0.254
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:990 to:10.0.0.254
   19  1092 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:5900 to:10.0.0.254
    1    52 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:23 to:10.0.0.253:22
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            173.14.96.225       tcp dpt:5903 to:10.0.0.26:5900

Chain POSTROUTING (policy ACCEPT 2821K packets, 169M bytes)
 pkts bytes target     prot opt in     out     source               destination
   50  4881 MASQUERADE all  --  *      *       10.0.5.0/24          0.0.0.0/0
84459 5816K MASQUERADE all  --  *      *       10.0.0.0/24          0.0.0.0/0
    0     0 MASQUERADE all  --  *      *       10.0.1.0/24          0.0.0.0/0
    0     0 MASQUERADE all  --  *      *       10.0.3.0/24          0.0.0.0/0
    0     0 MASQUERADE all  --  *      *       10.0.4.0/24          0.0.0.0/0
 2133  157K MASQUERADE all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 363K packets, 26M bytes)
 pkts bytes target     prot opt in     out     source               destination

=======================================================
ip addr
=======================================================
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:20:78:08:1e:c4 brd ff:ff:ff:ff:ff:ff
    inet z.z.z.z/30 brd z.z.z.z scope global eth0
    inet6 fe80::220:78ff:fe08:1ec4/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:b5:91:a6:e7 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.251/24 brd 10.0.0.255 scope global eth1
    inet6 fe80::210:b5ff:fe91:a6e7/64 scope link
       valid_lft forever preferred_lft forever
6: eth1.100@eth1: mtu 1500 qdisc noqueue
    link/ether 00:10:b5:91:a6:e7 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.251/24 brd 10.0.1.255 scope global eth1.100
    inet6 fe80::210:b5ff:fe91:a6e7/64 scope link
       valid_lft forever preferred_lft forever
32: tun1: mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.5.1 peer 10.0.5.2/32 scope global tun1
33: tun0: mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.3.1 peer 10.0.3.2/32 scope global tun0

=======================================================
route -n
=======================================================
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.5.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.0.3.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
z.z.z.z         0.0.0.0         255.255.255.252 U     0      0        0 eth0
10.0.5.0        10.0.5.2        255.255.255.0   UG    0      0        0 tun1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1.100
10.10.0.0       10.0.5.2        255.255.255.0   UG    0      0        0 tun1
10.0.3.0        10.0.3.2        255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         z.z.z.z         0.0.0.0         UG    0      0        0 eth0

=======================================================
openvpn server.conf
=======================================================
port 1195
proto udp
dev tun1
ca keys/blueboywilpigorgca/ca.crt
cert keys/blueboywilpigorgca/angryblueboy.crt
key keys/blueboywilpigorgca/angryblueboy.key
dh keys/blueboywilpigorgca/dh2048.pem
server 10.0.5.0 255.255.255.0
crl-verify keys/blueboywilpigorgca/crl.pem
cipher DES-CBC
user nobody
group nobody
status servers/AngryBlueboy/logs/openvpn-status.log
log-append servers/AngryBlueboy/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/AngryBlueboy/ccd
client-to-client
comp-lzo
persist-key
persist-tun
ccd-exclusive
push "route 10.0.0.0 255.255.255.0"
route 10.10.0.0 255.255.255.0

=======================================================
cat servers/AngryBlueboy/ccd/angrylemming
=======================================================
iroute 10.0.5.0 255.255.255.0