How to enable NAT in iptables
In my previous post regarding OpenVPN, I assumed that the machine was already running iptables as a gateway. If the machine is just a standalone server, you have to enable the NAT gateway in iptables yourself. To do that, modify /etc/sysconfig/iptables to follow the sample below.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
COMMIT
Then modify /etc/sysctl.conf as follows.
net.ipv4.ip_forward = 1
Then apply the sysctl setting.
sysctl -p
Now your machine is ready!
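The sample above leaves the FORWARD policy at ACCEPT and masquerades everything leaving eth0, so the tun+/tap+ FORWARD rules do not actually restrict anything. A tighter variant of the same file, as an added example that is not part of the original post, forwards and masquerades only VPN traffic. It assumes the VPN clients sit in 10.8.0.0/24 (a placeholder; use the subnet from your OpenVPN server configuration) and keeps eth0 as the outbound interface and the INPUT rules as in the post.

```iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade only traffic that originates from the VPN subnet
# (10.8.0.0/24 is an assumed value, not taken from the post).
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Default-deny forwarding; only the rules below let packets through.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
# Return traffic for connections the VPN clients opened.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections from VPN interfaces out to eth0 only.
-A FORWARD -i tun+ -o eth0 -j ACCEPT
-A FORWARD -i tap+ -o eth0 -j ACCEPT
COMMIT
```

With FORWARD set to DROP, traffic between VPN clients that is routed through the kernel is also dropped unless you add a rule for it.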
- sugree's blog