1

I want to set up a VPN server for personal use, so I followed the blog article [1], and it works like a charm.

The only thing I am wondering is whether the iptables rule is secure, e.g.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I have only one public interface, eth0. Is there any risk in using the rule above?

In other places, I have seen alternative iptables rules, e.g.

1.

sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

2.

iptables -A FORWARD -i ppp+ -o eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -o ppp+ -i eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

3.

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT

iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT 
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

So, is my original rule secure?

Thanks.

[1] http://blog.riobard.com/2011/11/12/pptp-vpn-on-ubuntu/

Ryan

1 Answer

3

You're using PPTP, so it's already insecure.

As for the masquerade rule, that's required to implement NAT, and you wouldn't be able to access public Internet addresses without it.

Michael Hampton
  • Hi, thanks first. I have updated the alternatives and I wonder if they are needed. My current one is working, but just want to know if there is any risk. Thanks – Ryan Mar 28 '13 at 04:45
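
An added example, not part of the original question or answer: a small audit of `iptables-save` output that separates the question's unscoped MASQUERADE rule from the `-s`-scoped alternative and reports a default-ACCEPT FORWARD policy, since the FORWARD chain (not the NAT rule) decides which packets are forwarded at all. The sample ruleset and the function names `sample_ruleset` and `audit_ruleset` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MASQUERADE rules with no source match and a FORWARD
# chain whose default policy accepts everything.

# Constructed sample (not from the original post): the question's original
# rule plus alternative 1, with the default FORWARD policy left at ACCEPT.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_ruleset: reads iptables-save text on stdin, prints one finding per line.
audit_ruleset() {
    awk '
    /^\*/ { table = substr($0, 2) }          # "*filter", "*nat", ...
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
        print "FORWARD_POLICY_ACCEPT"        # nothing restricts forwarding
    }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
        scoped = 0
        for (i = 3; i < NF; i++)
            if ($i == "-s" || $i == "--source") scoped = 1
        if (scoped) print "SCOPED_MASQUERADE: " $0
        else        print "UNSCOPED_MASQUERADE: " $0   # NATs any forwarded source
    }'
}

# On a live host (as root): iptables-save | audit_ruleset
sample_ruleset | audit_ruleset
```

An `UNSCOPED_MASQUERADE` finding together with `FORWARD_POLICY_ACCEPT` means the host will forward and NAT traffic from any source that routes through it, not only the VPN subnet.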