Part 2
========

Adjust the firewall settings:
$ vi /etc/network/firewall.conf


Add to firewall.conf:
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT

into the following file (at the right place... between the lines where the -A INPUT 
statements are followed by the -A OUTPUT statements...):

To enable routing from the subnet provided by eth1, add the line (after the 
line '-A POSTROUTING -o eth0 -j MASQUERADE' in the file):
-A POSTROUTING -o tap0 -j MASQUERADE

Note that it should be the tap, not the tun (that is used in case of the OpenVPN server,
but we are using the client in the bubba-router).

The make the changes life:

$ iptables-restore < /etc/network/firewall.conf

That's it.

Not config the openvpn.... (part3)

===================

As an example the following firewall.conf is given with the added lines:

# Generated by iptables-save v1.4.1.1 on Sun Jul 11 15:33:01 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [580:1109442]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o tap+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
COMMIT
# Completed on Sun Jul 11 15:33:01 2010
# Generated by iptables-save v1.4.1.1 on Sun Jul 11 15:33:01 2010
*nat
:PREROUTING ACCEPT [106:8572]
:POSTROUTING ACCEPT [30:4206]
:OUTPUT ACCEPT [30:4206]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o tap0 -j MASQUERADE
COMMIT
# Completed on Sun Jul 11 15:33:01 2010
