|
table nat {
|
|
chain prerouting {
|
|
type nat hook prerouting priority 0;
|
|
comment "this is necessary even if empty";
|
|
}
|
|
|
|
chain postrouting {
|
|
type nat hook postrouting priority 100;
|
|
comment "enable NAT for VPN";
|
|
iifname "tun0" oifname "eth0" ip saddr $VPN_SUBNET masquerade;
|
|
}
|
|
}
|