How to manage my OUT IP (Failover) on my OpenVPN with Vesta Firewall?
I installed OpenVPN following the DigitalOcean article. It worked very well, and I have installed 3 failover IPs on my VPS. I succeeded in forwarding my OUT IP on my VPN with each failover IP.

With this configuration in /etc/ufw/before.rules (I just need to comment and uncomment the IP I want to use):

Code:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 176.43.232.12
#-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12
##COMMIT
# END OPENVPN RULES

It worked very well. But since then I installed VestaCP on my VPS to manage websites with the third failover IP (not used by my VPN). I opened the VPN port UDP/1194 in the Vesta Control Panel. My VPN works, except that I can't change my forward POSTROUTING ... SNAT --to-source 88.123.36.12, because VestaCP doesn't use UFW.

So I tried to manage iptables directly from the CLI with sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12, but it changes nothing.

My ifconfig:

Code:
ens3      Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
          inet addr:217.182.91.17 Bcast:217.54.67.7 Mask:255.255.255.255
          inet6 addr: fe80::f816:3eff:fe6d:e2cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:115436 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19909467 (19.9 MB) TX bytes:25957589 (25.9 MB)
ens3:0    Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
          inet addr:176.43.232.12 Bcast:176.43.232.12 Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ens3:1    Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
          inet addr:88.123.36.12 Bcast:88.123.36.12 Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ens3:2    Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
          inet addr:94.58.205.12 Bcast:94.58.205.12 Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:1478 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:1106877 (1.1 MB) TX bytes:1106877 (1.1 MB)
tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:5317 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6942 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:791672 (791.6 KB) TX bytes:6107499 (6.1 MB)

Do you have an idea how I can solve my problem and change/manage my OUT IP address when I want?

Thank you very much
Re: How to manage my OUT IP (Failover) on my OpenVPN with Vesta Firewall?
I solved my problem:

The new iptables rules are now in

Code:
/etc/iptables.rules

How can I change my iptables NAT FORWARDING and have it executed without rebooting the server? Thanks
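
An added example, not part of either post: in iptables the first matching NAT rule wins, and `-A` appends a rule after whatever SNAT rule is already in POSTROUTING, so this script plans a replacement of the existing rule that takes effect on the running firewall. The 10.8.0.0/24 pool, the function names and the sample rule listing are assumptions made for the illustration; the three addresses are the failover IPs from the ifconfig output above.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints the iptables commands;
# nothing changes until the output is reviewed and run as root.

# Failover addresses taken from the ifconfig output in the post (ens3:0..ens3:2).
FAILOVER_IPS="176.43.232.12 88.123.36.12 94.58.205.12"
# Assumption: the OpenVPN pool is 10.8.0.0/24. The post's "10.8.0.0/8" is stored
# by iptables as 10.0.0.0/8, which covers every 10.x.x.x source.
VPN_NET="10.8.0.0/24"

is_failover_ip() {
    for candidate in $FAILOVER_IPS; do
        [ "$candidate" = "$1" ] && return 0
    done
    return 1
}

# stdin:  output of `iptables -t nat -S POSTROUTING`
# stdout: one -D per existing SNAT rule that points at a failover address,
#         then one -I that puts the new rule at the top of the chain.
plan_snat_switch() {
    new_ip=$1
    if ! is_failover_ip "$new_ip"; then
        echo "refusing $new_ip: not one of $FAILOVER_IPS" >&2
        return 1
    fi
    while read -r flag chain spec; do
        [ "$flag $chain" = "-A POSTROUTING" ] || continue
        case "$spec" in *"-j SNAT --to-source "*) ;; *) continue ;; esac
        if is_failover_ip "${spec##*--to-source }"; then
            echo "iptables -t nat -D POSTROUTING $spec"
        fi
    done
    echo "iptables -t nat -I POSTROUTING 1 -s $VPN_NET ! -d $VPN_NET -j SNAT --to-source $new_ip"
}

# Constructed sample of `iptables -t nat -S POSTROUTING` (not captured from the poster's server).
sample_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j SNAT --to-source 176.43.232.12
-A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j SNAT --to-source 88.123.36.12
-A POSTROUTING -s 172.17.0.0/16 -j MASQUERADE
EOF
}

# Print the plan for switching to 88.123.36.12; unrelated rules are left alone.
sample_rules | plan_snat_switch 88.123.36.12
```

On a real host, feed the function `iptables -t nat -S POSTROUTING` instead of the sample, run the printed commands as root, and then run `iptables-save > /etc/iptables.rules` to write the running rules to the file named in the reply above, assuming that file is kept in iptables-save format. Connections that were already established keep their previous source address until their conntrack entries expire.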