=======================================================
iptables -L -v -n
=======================================================
Chain INPUT (policy DROP 2170 packets, 261K bytes)
 pkts bytes target     prot opt in     out    source               destination
 795K   64M ACCEPT     all  --  !eth0  *      0.0.0.0/0            0.0.0.0/0
 774K  333M ACCEPT     all  --  *      *      0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 3258  195K ACCEPT     tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
    0     0 ACCEPT     tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:10101 state NEW
    0     0 ACCEPT     tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:5222 state NEW
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:1194
    0     0 ACCEPT     udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:5222
    0     0 ACCEPT     udp  --  *      *      10.10.0.0/24         0.0.0.0/0            udp dpts:5000:5500
    0     0 ACCEPT     tcp  --  *      *      10.10.0.0/24         0.0.0.0/0            tcp dpts:8393:8400
    0     0 ACCEPT     tcp  --  *      *      10.10.0.0/24         0.0.0.0/0            tcp dpt:2029
    0     0 ACCEPT     tcp  --  *      *      10.10.0.0/24         0.0.0.0/0            tcp dpts:5222:5223
    0     0 ACCEPT     tcp  --  *      *      10.10.0.0/24         0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *      10.10.0.0/24         0.0.0.0/0            tcp dpt:443
16516  782K ACCEPT     icmp --  *      *      0.0.0.0/0            0.0.0.0/0            icmp type 8
82600 8730K REJECT     tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
 329K   60M DROP       udp  --  *      *      0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 103M packets, 67G bytes)
 pkts bytes target     prot opt in     out    source               destination

Chain OUTPUT (policy ACCEPT 2078K packets, 489M bytes)
 pkts bytes target     prot opt in     out    source               destination

=======================================================
iptables -t nat -L -v -n
=======================================================
Chain PREROUTING (policy ACCEPT 1546K packets, 170M bytes)
 pkts bytes target     prot opt in     out    source               destination
  969 54772 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.10.0.90
   40  2268 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.10.0.90
   16   864 DNAT       tcp  --  eth1   *      0.0.0.0/0            x.x.x.x              tcp dpt:80 to:10.10.0.90
    0     0 DNAT       tcp  --  eth1   *      0.0.0.0/0            x.x.x.x              tcp dpt:443 to:10.10.0.90
    2    88 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:3000 to:10.10.0.90
    4   488 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:3000 to:10.10.0.90
  293 15228 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:10.10.0.90
  389 48705 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:8080 to:10.10.0.90
    0     0 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:3784 to:10.10.0.90
    2   262 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:3784 to:10.10.0.90
    2    80 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:1863 redir ports 16667
    0     0 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:5223 redir ports 16667
    2    88 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:5190 redir ports 16667
    2    88 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:5050 redir ports 16667
   10   552 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:6667 redir ports 16667
    0     0 REDIRECT   tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8074 redir ports 16667
   15   764 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:666 to:10.10.0.90:22
   21  1104 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:10000 to:10.10.0.90
    3   393 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:7707 to:10.10.0.90
    0     0 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:7708 to:10.10.0.90
    1    95 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:7717 to:10.10.0.90
    0     0 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8075 to:10.10.0.90
    7   917 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:20560 to:10.10.0.90
    0     0 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:28852 to:10.10.0.90
  321 17169 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:28852 to:10.10.0.90
    4   240 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:6665 to:10.10.0.90
    0     0 DNAT       udp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            udp dpt:6665 to:10.10.0.90
  242 10400 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpts:6550:6660 to:10.10.0.90
 2090  117K DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:25565 to:10.10.0.90
    0     0 DNAT       udp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            udp dpt:25565 to:10.10.0.90
  835 44956 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8123 to:10.10.0.90
    0     0 DNAT       udp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            udp dpt:8123 to:10.10.0.90
   11   572 DNAT       tcp  --  eth1   *      0.0.0.0/0            x.x.x.x              tcp dpt:25565 to:10.10.0.90
    0     0 DNAT       udp  --  eth1   *      0.0.0.0/0            x.x.x.x              udp dpt:25565 to:10.10.0.90
   49  2836 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:25575 to:10.10.0.90
    0     0 DNAT       udp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            udp dpt:25575 to:10.10.0.90
    0     0 DNAT       tcp  --  eth1   *      0.0.0.0/0            x.x.x.x              tcp dpt:25575 to:10.10.0.90
    0     0 DNAT       udp  --  eth1   *      0.0.0.0/0            x.x.x.x              udp dpt:25575 to:10.10.0.90
    0     0 DNAT       tcp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            tcp dpt:57777 to:10.10.0.86
    0     0 DNAT       udp  --  eth0   *      0.0.0.0/0            0.0.0.0/0            udp dpt:57777 to:10.10.0.86
  195  9952 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:27015 to:10.10.0.90
 1376 73664 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:27015 to:10.10.0.90
   32  1608 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:27005 to:10.10.0.90
   15  1128 DNAT       udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:27005 to:10.10.0.90
    0     0 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpt:5500 to:10.10.0.83
   46  2144 DNAT       tcp  --  *      *      0.0.0.0/0            0.0.0.0/0            tcp dpts:5900:5902 to:10.10.0.83

Chain POSTROUTING (policy ACCEPT 20417 packets, 1194K bytes)
 pkts bytes target     prot opt in     out    source               destination
 928K   85M MASQUERADE all  --  *      *      10.10.0.0/24         0.0.0.0/0
    0     0 MASQUERADE all  --  *      *      10.1.0.0/24          0.0.0.0/0
 346K   24M MASQUERADE all  --  *      eth0   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 294K packets, 22M bytes)
 pkts bytes target     prot opt in     out    source               destination

=======================================================
ip addr
=======================================================
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:08:a1:18:d7:b7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0:1
    inet x.x.x.x/24 brd 255.255.255.255 scope global eth0
    inet6 fe80::208:a1ff:fe18:d7b7/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:01:29:00:06:95 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.251/24 brd 10.10.0.255 scope global eth1
    inet6 fe80::201:29ff:fe00:695/64 scope link
       valid_lft forever preferred_lft forever
34: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.1.0.1 peer 10.1.0.2/32 scope global tun0
35: tun1: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.0.5.6 peer 10.0.5.5/32 scope global tun1

=======================================================
route -n
=======================================================
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.0.5.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
y.y.y.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        10.0.5.5        255.255.255.0   UG    0      0        0 tun1
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.1.0.0        10.1.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         y.y.y.y         0.0.0.0         UG    0      0        0 eth0

=======================================================
openvpn client.conf
=======================================================
client
proto udp
dev tun
ca angrylemming/ca.crt
dh angrylemming/dh2048.pem
cert angrylemming/angrylemming.crt
key angrylemming/angrylemming.key
remote x.x.x.x 1195
cipher DES-CBC
user nobody
group nogroup
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
status angrylemming/openvpn-status.log
log-append angrylemming/openvpn.log