[SlugBug] Simple Firewall question

Alan Dawson aland at burngreave.net
Sun Oct 8 12:34:13 BST 2006


AARRGGHH..

help .. what's broken here ..

I'm trying to only allow outgoing packets from VPN clients.

Here is my iptables script

<!-- Start -->

echo "1" > /proc/sys/net/ipv4/ip_forward

IPTABLES=/usr/sbin/iptables

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
# Local LAN
$IPTABLES -A FORWARD -i vlan0 -j ACCEPT
$IPTABLES -A FORWARD -o vlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -o vlan0 -j DROP

# Local VPN clients
$IPTABLES -A FORWARD -i openvpn0 -o vlan1 -j ACCEPT

#NAT everything outgoing
$IPTABLES -t nat -A POSTROUTING -o vlan1 -j MASQUERADE
echo 'Starting Firewall'

<!-- Finish -->

But it doesn't work :-(

If I change the default FORWARD policy to ACCEPT .. of course outgoing from
openvpn0 is allowed.

Can anybody show me the mistake?

Cheers,

AED
-- 
"If you make decisions about software -- or anything -- based solely on
short-term cost and benefit, someone with a longer view can easily
manoeuver you into a trap from which it is hard to escape."  
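Added example, not the poster's script: the same ruleset with the one rule it is missing. With the FORWARD policy at DROP, a VPN client's packets are accepted on the way out (`-i openvpn0 -o vlan1`), but the replies arrive on vlan1 and must be forwarded out openvpn0, and no rule in the post matches `-o openvpn0`, so every reply falls through to the DROP policy. The interface names are the ones from the post; the DRY_RUN switch and the `run`, `has_vpn_return_rule` and `forward_rule_count` helpers are assumptions added here so the ruleset can be inspected without touching a live firewall.

```shell
#!/bin/sh
# Added example (not the poster's script): the post's ruleset plus the
# return-path rule for VPN clients. Assumed conventions, not from the post:
# DRY_RUN=1 prints the iptables commands instead of executing them, so the
# generated ruleset can be checked on a machine without iptables or root.

IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = actually run them

# run: print the iptables command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# load_rules: the filter/NAT ruleset from the post, plus the missing rule
load_rules() {
    run -P INPUT ACCEPT
    run -F INPUT
    run -P OUTPUT ACCEPT
    run -F OUTPUT
    run -P FORWARD DROP
    run -F FORWARD

    # Local LAN: may initiate anything; only replies are let back in
    run -A FORWARD -i vlan0 -j ACCEPT
    run -A FORWARD -o vlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -o vlan0 -j DROP

    # VPN clients: may initiate towards the upstream interface ...
    run -A FORWARD -i openvpn0 -o vlan1 -j ACCEPT
    # ... and this is the rule the original script lacks: replies come in on
    # vlan1 and go out openvpn0, so without an -o openvpn0 rule they hit the
    # DROP policy and the client never sees an answer.
    run -A FORWARD -o openvpn0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT everything leaving the upstream interface
    run -t nat -A POSTROUTING -o vlan1 -j MASQUERADE
}

# has_vpn_return_rule: succeeds if the generated ruleset lets replies back
# to the VPN interface (run in a subshell so DRY_RUN is not changed here)
has_vpn_return_rule() {
    ( DRY_RUN=1; load_rules ) |
        grep -q -- '-o openvpn0 -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

# forward_rule_count: number of rules appended to the FORWARD chain
forward_rule_count() {
    ( DRY_RUN=1; load_rules ) | grep -c -- '-A FORWARD'
}

# Only touch the kernel when really applying the rules
if [ "$DRY_RUN" = "0" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
load_rules
```

Run it as-is to print the ruleset, or with `DRY_RUN=0` as root to apply it. The `-m state` match is the idiom of the original script; on current kernels `-m conntrack --ctstate ESTABLISHED,RELATED` is the preferred equivalent. A quick way to confirm the diagnosis on the live box is to watch the `policy DROP` packet counter in `iptables -L FORWARD -v -n` climb while a VPN client tries to connect out.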