I have an iptables setup that I have already used on many previous versions of Debian; now, with Debian Buster, it does not work. I want to route all traffic from tun0 (OpenVPN) via iptables to a specific port. Here is my rules.v4:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:MY_REJECT - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i ens32 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -j MY_REJECT
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j MY_REJECT
-A OUTPUT -m state --state INVALID -j DROP
-A MY_REJECT -p tcp -j REJECT --reject-with tcp-reset
-A MY_REJECT -p udp -j REJECT --reject-with icmp-port-unreachable
-A MY_REJECT -p icmp -j DROP
-A MY_REJECT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i tun0 -p tcp --syn -j REDIRECT --to-ports 9040
-A POSTROUTING -s 10.1.0.0/24 -o ens32 -j MASQUERADE
COMMIT
The same setup on previous Debian versions works without problems, thank you. The output of iptables -t nat -nvL:
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp redir ports 9040
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 60 packets, 4280 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * ens32 10.1.0.0/24 0.0.0.0/0
[edit: 8 June] I made some changes; please see the update in the 'iptables -t nat -L -vn' output. It is definitely the REDIRECT that does not work. I tested all incoming traffic: I can see all traffic coming to tun0, but it is not redirected to port 9040.
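A small diagnostic script for the situation described in the question, added here as an example; it is not part of the poster's setup. It parses the `iptables -t nat -nvL` listing format shown above to compare the REDIRECT rule's packet counter with the PREROUTING policy counter (policy hits rising while REDIRECT stays at 0 means packets traverse the chain but the rule never matches), and, run with --live as root on the Buster host, it also checks whether rules ended up split between the iptables-legacy and iptables-nft backends, which Buster ships side by side with iptables-nft as the default alternative. The sample listings and save outputs embedded in the script are constructed for the example, and the --live branch assumes the iptables-legacy-save and iptables-nft-save commands from Buster's iptables package.

```shell
#!/bin/sh
# Added diagnostic helper for the question above; not part of the poster's
# setup. Parses the `iptables -t nat -nvL` output format shown in the question
# and, on a live Buster host (--live), checks for a ruleset split between the
# iptables-legacy and iptables-nft backends.

# Sum of the packet counters of REDIRECT rules in the nat PREROUTING chain.
# $1: text of `iptables -t nat -nvL`
redirect_pkts() {
    printf '%s\n' "$1" | awk '
        /^Chain / { chain = $2; next }
        chain == "PREROUTING" && $3 == "REDIRECT" { sum += $1 }
        END { print sum + 0 }'
}

# Packet counter of a chain's default policy (packets that matched no rule).
# $1: text of `iptables -t nat -nvL`, $2: chain name
chain_policy_pkts() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "Chain" && $2 == c { print $5; exit }'
}

# True (exit 0) when both backends hold rules. On Buster, rules loaded through
# iptables-legacy are not shown by iptables-nft and vice versa, yet the kernel
# evaluates both rulesets, so a split ruleset behaves unpredictably.
# $1: output of iptables-legacy-save, $2: output of iptables-nft-save
backend_split() {
    l=$(printf '%s\n' "$1" | grep -c '^-A' || true)
    n=$(printf '%s\n' "$2" | grep -c '^-A' || true)
    [ "$l" -gt 0 ] && [ "$n" -gt 0 ]
}

# Constructed sample listing, modelled on the question (counters and the
# PREROUTING header line are made up for the example).
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 redir ports 9040

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      ens32   10.1.0.0/24          0.0.0.0/0'

# Constructed save outputs representing a split ruleset: the nat table was
# loaded by one backend, the filter table by the other.
SAMPLE_LEGACY='*nat
-A PREROUTING -i tun0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT'
SAMPLE_NFT='*filter
-A INPUT -i tun0 -j ACCEPT
COMMIT'

if [ "${1:-}" = "--live" ]; then
    # Run as root on the host; compare the counters before and after sending
    # traffic through tun0.
    nat=$(iptables -t nat -nvL 2>/dev/null || true)
    echo "REDIRECT hits in nat PREROUTING: $(redirect_pkts "$nat")"
    echo "nat PREROUTING policy hits:      $(chain_policy_pkts "$nat" PREROUTING)"
    if command -v iptables-legacy-save >/dev/null 2>&1 &&
       command -v iptables-nft-save >/dev/null 2>&1; then
        if backend_split "$(iptables-legacy-save 2>/dev/null || true)" \
                         "$(iptables-nft-save 2>/dev/null || true)"; then
            echo "WARNING: rules exist in both the legacy and the nft backend"
        fi
    fi
    # Shows which backend the plain `iptables` command currently points at.
    update-alternatives --display iptables 2>/dev/null | head -n 2 || true
else
    echo "sample: REDIRECT hits=$(redirect_pkts "$SAMPLE_NAT") policy hits=$(chain_policy_pkts "$SAMPLE_NAT" PREROUTING)"
    backend_split "$SAMPLE_LEGACY" "$SAMPLE_NFT" && echo "sample: ruleset is split across backends"
fi
```

Without --live the script only exercises the parsing functions against the constructed samples. If the live run reports a split ruleset, loading everything through a single backend (or switching the iptables alternative so that netfilter-persistent and the manual commands agree) is the first thing to verify before looking at the REDIRECT rule itself.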