1

Topic: iRedMail firewall settings and OpenVPN

I find that iRedMail's implementation of iptables does not allow me to restore the needed forwarding rule for OpenVPN. Specifically, the following is required:

iptables -A POSTROUTING -t nat -s 10.8.0.0/24 -o eth0 -j MASQUERADE

But if you add this to /etc/default/iptables it gets an error that "-t cannot be used with iptables-restore". Now I swear I had both OpenVPN and iRedMail working on an earlier server under Debian 8, but I can't figure out how.

The question about adding this rule to iptables was asked before but no working answer was provided.

Thanks!

iRedMail 0.9.8
Debian 9 (Stretch)


2

Re: iRedMail firewall settings and OpenVPN

sfurst wrote:

iptables -A POSTROUTING -t nat -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Append or prepend lines below in /etc/default/iptables:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT

3

Re: iRedMail firewall settings and OpenVPN

What do these iptables rules look like in nftables?

I am happily running iRedMail on Debian Buster 10 (with brand-new nftables)... yet I have difficulty letting my OpenVPN server reach out to the internet...

4

Re: iRedMail firewall settings and OpenVPN

ZhangHuangbin wrote:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT

How to convert this to nftables?
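
The `*nat` block quoted above, written as an nftables ruleset. This is an added example, not part of the original thread and not iRedMail's own configuration; the subnet 10.8.0.0/24 and the interface eth0 are the values from the thread, and the table and chain names are free choices in nftables.

```nft
#!/usr/sbin/nft -f
# Added example: nftables form of the iptables-restore *nat block.
# Table and chain names are arbitrary in nftables; lower-case is the convention.

table ip nat {
    # ":PREROUTING ACCEPT [0:0]" declares the chain with an accept policy.
    # The [packets:bytes] counters from the iptables-restore format are not
    # part of an nftables chain declaration.
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }

    # ":POSTROUTING ACCEPT [0:0]"
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
        ip saddr 10.8.0.0/24 oifname "eth0" masquerade
    }
}
```

Check the file with `nft -c -f <file>` before loading it with `nft -f <file>`. Masquerading only rewrites the source address: `net.ipv4.ip_forward` must be 1 and the forward chain of the filter ruleset must accept traffic from the VPN subnet, otherwise clients still cannot reach the internet.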