You need to set up some iptables rules to enable traffic to flow. I presume you will want to do NAT across the laptop.
Here is a small firewall that I use on a Raspberry Pi running the Raspbian OS. This Pi is set up to be a VPN gateway on my LAN; I have some of my other devices use it as a gateway and their traffic flows out to the internet via a VPN. This traffic arrives from the LAN on the eth0 interface and leaves on the proton0 interface.
The structure of the firewall is exactly what you need on your laptop, though you will have to fiddle a bit with the details.
cat /usr/local/bin/firewall.sh
#!/usr/bin/env bash
echo 1 >/proc/sys/net/ipv4/ip_forward
# Clear all rules
iptables -F
iptables -t nat -F
# Default drop incoming
iptables -P INPUT DROP
# Don't forward traffic
iptables -P FORWARD DROP
# Allow outgoing traffic
iptables -P OUTPUT ACCEPT
# Allow localhost traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# block any traffic that does not belong to our lan
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i proton0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
# enable traffic from the lan to the vpn tunnel
iptables -t nat -A POSTROUTING -o proton0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o proton0 -j ACCEPT
iptables -A FORWARD -i proton0 -m state --state ESTABLISHED,RELATED -j ACCEPT
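The same rule structure with the two interfaces as parameters, emitted as a single iptables-restore ruleset so the tables are swapped in one step instead of rule by rule. This is an added example, not part of the original post: the function names and the wlan0 uplink in the usage comment are assumptions, and `-m conntrack --ctstate` is used in place of the older `-m state --state` match.

```shell
#!/bin/sh
# Added example (not from the original post): generate the gateway rules
# for any LAN-side / outbound interface pair in iptables-restore format.

# Accept only plausible interface names (Linux limits them to 15 characters),
# so a mistyped or hostile argument never reaches the ruleset.
valid_if() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_ruleset LAN_IF OUT_IF: print the ruleset; return 1 on bad input.
gen_ruleset() {
    valid_if "$1" && valid_if "$2" || return 1
    [ "$1" != "$2" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i $1 -j ACCEPT
-A INPUT -i $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i $1 -o $2 -j ACCEPT
-A FORWARD -i $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $2 -j MASQUERADE
COMMIT
EOF
}

# Usage, as root (eth0 = LAN side, wlan0 = assumed uplink on the laptop):
#   gen_ruleset eth0 wlan0 | iptables-restore --test   # parse only, no changes
#   gen_ruleset eth0 wlan0 | iptables-restore          # load filter and nat
#   sysctl -w net.ipv4.ip_forward=1                    # enable forwarding after the rules are in place
```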