  • Subject: [Openvpn-users] Openvpn and DMZ
  • From: "Higor Vinicius" <higor.vinicius@xxxxxxxxx>
  • Date: Sat, 19 May 2007 10:13:49 -0300

Hi list!

I've been using openvpn for some time, but now I have a serious problem.
I have this structure:

Link (fixed IP) -> FW -> Internal Network

But my problem is: I need to start openvpn in bridge mode (br0 and tap0),
because my users need access to file sharing on my file server and
other services. This is OK, and the openvpn config is too.

My real problem is: on this FW I have some PREROUTING rules. I
need to offer access to services on my web server, which is inside
my internal network.
When the bridge starts, my internal network users get external
access normally, but my external users do not get access to my internal
web server. I verified that the packets arrive at the web server
(SYN packet), my web server answers (SYN/ACK), but the packets leave to
the outside, that is, they do not return, only packets that process the

What's happening?

I have put these rules:

# accept everything the firewall itself receives on the VPN tap and on the bridge
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
# accept everything forwarded from the bridge (no state or destination match)
iptables -A FORWARD -i br0 -j ACCEPT
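Added example, not part of the original post: a stateful replacement for the three rules above, written for the bridged gateway the message describes (br0 and tap0 on the FW, PREROUTING used to publish an internal web server). The WAN interface name eth0, the web server address 192.168.1.10, the LAN range 192.168.1.0/24 and the OpenVPN port 1194 are constructed placeholders, not values from the post. The script prints the rules by default (DRY_RUN=1) so they can be reviewed before being applied as root, and it reads the bridge-nf sysctl that decides whether frames crossing the bridge are handed to iptables at all. Note that once tap0 is enslaved in br0, iptables sees tunnel traffic as arriving on br0, so the post's `-i tap0` INPUT rule matches nothing unless `-m physdev` is used.

```shell
#!/bin/sh
# Added example (not from the original post). br0/tap0 come from the
# message; WAN_IF, WEB_SERVER, LAN_NET and OPENVPN_PORT are constructed
# placeholders, overridable from the environment.
WAN_IF="${WAN_IF:-eth0}"
BR_IF="${BR_IF:-br0}"
WEB_SERVER="${WEB_SERVER:-192.168.1.10}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
OPENVPN_PORT="${OPENVPN_PORT:-1194}"

# With DRY_RUN=1 (the default) every rule is printed instead of installed,
# so the whole ruleset can be reviewed without root.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Report whether frames crossing the bridge are passed to iptables.
# With br_netfilter loaded the sysctl is 1; when it is 0, FORWARD rules
# never see traffic that stays on the bridge. Prints "unknown" if absent.
bridge_nf_state() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

gen_rules() {
    # Flush and default-deny: anything not explicitly allowed is dropped.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, plus replies to connections the firewall already accepted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # OpenVPN clients connect over UDP from the Internet. Their tunnel
    # traffic then appears on br0 (tap0 is a bridge port), so internal
    # hosts and VPN clients are covered by the br0 rule together.
    ipt -A INPUT -i "$WAN_IF" -p udp --dport "$OPENVPN_PORT" -j ACCEPT
    ipt -A INPUT -i "$BR_IF" -s "$LAN_NET" -j ACCEPT

    # Publish the internal web server: DNAT on the way in, and a FORWARD
    # rule that admits only NEW connections to that one host and port.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
    # Replies (the SYN/ACK and everything after) are matched by state;
    # conntrack reverses the DNAT on the way back out.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$BR_IF" -p tcp -d "$WEB_SERVER" --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT
    # Internal network (LAN hosts and VPN clients on the bridge) to the Internet.
    ipt -A FORWARD -i "$BR_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

echo "# bridge-nf-call-iptables: $(bridge_nf_state)"
gen_rules
```

Run it as-is to review the generated commands; run it with `DRY_RUN=0` as root to install them. The design choice is to replace interface-wide ACCEPTs with a default-deny policy plus conntrack state, so that the published web server is reachable only on port 80 and every other inbound path is closed.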

