OpenWRT: iptables-based Firewall Rules for PPTP and IPsec
Just a handy little reference for myself. #Internal PPTP Server vpnserver="172.16.1.10" iptables -N pptp iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT iptables -A pptp -p gre --dst $vpnserver -j ACCEPT iptables -I FORWARD -j pptp iptables -t nat -N pptp iptables -t nat -A pptp -i $WAN -p tcp --dport 1723 -j DNAT --to $vpnserver iptables -t nat -A pptp -i $WAN -p 47 -j DNAT --to $vpnserver iptables -t nat -A PREROUTING -j pptp
### Gateway Router-based IPSEC VPN # allow IPSEC iptables -A input_rule -p esp -j ACCEPT # allow ISAKMP iptables -A input_rule -p udp -m udp --dport 500 -j ACCEPT # allow NAT-T iptables -A input_rule -p udp -m udp --dport 4500 -j ACCEPT # disable NAT for communications with remote LAN iptables -t nat -A postrouting_rule -d 172.16.0.0/24 -j ACCEPT # Allow any traffic between tunnel LANs iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT