Adapting UFW rules + OpenVPN with 10.0.1.x subnet?

TL;DR version:

How can I adapt the UFW rule

sudo ufw allow out on eth0 to 192.168.1.0/24

to a wlan that uses the 10.0.1.x subnet?

Also, will I need to adapt the /etc/ufw/before.rules postrouting addressing in

-A POSTROUTING -s 10.8.0.0/8 -o wlan0 -j MASQUERADE

given my wlan’s subnet?


Detailed version:

(Please note: I’m still very new to Ubuntu and do not understand networking at all. I tried to draw useful conclusions from reading this but it’s over my head. FWIW, I can generally follow instructions on using the terminal, etc., and did set basic UFW rules previously.)

I’m trying to follow this tutorial on connecting to VPN with UFW rules in place to prevent leaks, but I’m stumped on the exact address range to write in for a given rule.

In the Tutorial’s section titled Enable & Configure UFW Rules, the last rule suggested reads

sudo ufw allow out on eth0 to 192.168.1.0/24

(Only needed in Home / Office Mode. This will allow traffic to the router/internal network, which in this case is located on 192.168.1.0/24. If your computer has multiple network interfaces you can add the interface which you want to use, i.e. sudo ufw allow out on wlan0 to 192.168.1.0/24. Edit your internal network subnet accordingly.)

I think I understand what this is doing – telling my machine to allow communicating out to the address range subnet represented by 192.168.1.0/24 – but I do not think my router uses that. In my router’s GUI interface, I see it has the DHCP range 10.0.1.2 - 10.0.1.200 available for clients.

Question 1: If I were to adjust the rule to

sudo ufw allow out on wlan0 to 10.0.1.0/8

would that achieve the same goal? Or is this range wrong because it’s covering more addresses than the available DHCP range? Is the manner in which I write the rule affected by whether other devices (i.e., other client machines) are connecting to my router (and thus, taking addresses dynamically)?

Question 2: Later in the Tutorial, some more code is given for changing /etc/ufw/before.rules to include:

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0 and Wlan0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/8 -o wlan0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

Should the postrouting code remain the same (specifically the 10.8.0.0/8 addressing) even though my router’s addresses are in the 10.0.1.x range?

Any help is appreciated.
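
Added example (not part of the original post or the tutorial): Python's standard ipaddress module applied to the ranges quoted in the question, showing which network each CIDR string denotes once host bits are masked off and the smallest single block that contains the DHCP range 10.0.1.2 - 10.0.1.200. The function names are illustrative, and treating that covering block as the LAN subnet is an assumption, since the post gives the DHCP range but not the router's netmask.

```python
import ipaddress


def normalize(cidr):
    """Network a CIDR string denotes after masking off any host bits."""
    return ipaddress.ip_network(cidr, strict=False)


def smallest_covering_network(first, last):
    """Smallest single CIDR block that contains both ends of a range."""
    hi = ipaddress.ip_address(last)
    net = ipaddress.ip_network(first)  # starts as a /32 on the first address
    while hi not in net:
        net = net.supernet()           # widen the prefix by one bit
    return net


def compare(dhcp_first, dhcp_last, candidates):
    """Compare candidate rule targets against the LAN block (assumed)."""
    lan = smallest_covering_network(dhcp_first, dhcp_last)
    rows = []
    for cidr in candidates:
        net = normalize(cidr)
        rows.append({
            "written": cidr,
            "network": str(net),
            "addresses": net.num_addresses,
            "covers_lan": lan.subnet_of(net),
            # addresses matched by the rule beyond the LAN block itself
            "beyond_lan": net.num_addresses - lan.num_addresses
                          if lan.subnet_of(net) else None,
        })
    return lan, rows


if __name__ == "__main__":
    # Values taken from the question: the router's DHCP range and the
    # CIDR strings that appear in the ufw and before.rules lines.
    lan, rows = compare("10.0.1.2", "10.0.1.200",
                        ["192.168.1.0/24", "10.0.1.0/8", "10.8.0.0/8"])
    print("smallest block covering the DHCP range:", lan)
    for row in rows:
        print(row)
```
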