1

I am installing OpenVPN on my server and according to the tutorial I'm following I have to add the following line to iptables:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I add it and save it and successfully restart iptables but then I have noticed that when I use CSF, it overrides iptables and this line get erased. How can I prevent CSF+LFD from erasing this line?

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
stressed out
  • 111
  • 5

3 Answers3

0

There is a working steps you may follow to work with CSF+OpenVPN droplet.

ref: https://vvcares.com/blog/post/openvpn-csf-configuration

VVCARES SINGAPORE
  • 1
  • 1
    Welcome to Server Fault! Your answer suggests a workable solution to the question is available via another website. The Stack Exchange family of Q&A websites [generally frowns on this type of answer](https://meta.stackexchange.com/questions/8231/are-answers-that-just-contain-links-elsewhere-really-good-answers). Please read [How do I write a good answer?](http://serverfault.com/help/how-to-answer) and consider revising your answer to include the steps required to resolve the issue. – Paul Nov 13 '21 at 13:41
0

OPENVPN WITH CSF CONFIGURATION There is a working steps you may follow to work with CSF+OpenVPN droplet. ref: https://vvcares.com/blog/post/openvpn-csf-configuration

VVCARES SINGAPORE
  • 1
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/502747) – Paul Nov 13 '21 at 14:22
0

For future reference, this is possible by adding a bash file named csfpre.sh in /etc/csf/ directory with the iptables rules that you want CSF to load each time it starts.

On CentOS, I had to write /sbin/iptables instead of iptables alone because writing iptables alone gave the "command not found" error in bash. In other words, you should write

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

in csfpre.sh for it to work correctly.

stressed out
  • 111
  • 5