Emmanuel Polet wrote:
> I'm not quite sure what iptables rules to add...

You must use the tun interface, since on the external real interface (eth0 ?) the packets come encrypted.
With ipchains I use the following rules, supposing 10.3.0.2 the IP of the openvpn client and 10.0.0.0 255.255.255.0 the network on which the shares are; I have filter rules also for packets from internal interface (eth1 for me), so there are rules also for eth1 in my example.

Bye.
Matteo.

P.s.: I know that in ipchains there's the option -b for bidirectional rules, but I don't remember why I didn't use it... ;-)

#tun0 rules
ipchains -A input -j ACCEPT -i tun0 -p udp -s 10.3.0.2/32 137 -d 10.0.0.0/24 137
ipchains -A output -j ACCEPT -i tun0 -p udp -s 10.0.0.0/24 137 -d 10.3.0.2/32 137
ipchains -A input -j ACCEPT -i tun0 -p udp -s 10.3.0.2/32 138 -d 10.0.0.0/24 138
ipchains -A output -j ACCEPT -i tun0 -p udp -s 10.0.0.0/24 138 -d 10.3.0.2/32 138
ipchains -A input -j ACCEPT -i tun0 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 139
ipchains -A output -j ACCEPT -i tun0 -p tcp -s 10.0.0.0/24 139 -d 10.3.0.2/32
ipchains -A input -j ACCEPT -i tun0 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 445
ipchains -A output -j ACCEPT -i tun0 -p tcp -s 10.0.0.0/24 445 -d 10.3.0.2/32

#eth1 rules
ipchains -A input -j ACCEPT -i eth1 -p udp -s 10.0.0.0/24 137 -d 10.3.0.2/32 137
ipchains -A output -j ACCEPT -i eth1 -p udp -s 10.3.0.2/32 137 -d 10.0.0.0/24 137
ipchains -A input -j ACCEPT -i eth1 -p udp -s 10.0.0.0/24 138 -d 10.3.0.2/32 138
ipchains -A output -j ACCEPT -i eth1 -p udp -s 10.3.0.2/32 138 -d 10.0.0.0/24 138
ipchains -A input -j ACCEPT -i eth1 -p tcp -s 10.0.0.0/24 139 -d 10.3.0.2/32
ipchains -A output -j ACCEPT -i eth1 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 139
ipchains -A input -j ACCEPT -i eth1 -p tcp -s 10.0.0.0/24 445 -d 10.3.0.2/32
ipchains -A output -j ACCEPT -i eth1 -p tcp -s 10.3.0.2/32 -d 10.0.0.0/24 445

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
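
An iptables counterpart to the ipchains rules in the message above, added here as an example and not part of the original post. With iptables, routed packets traverse only the FORWARD chain, so each input/output pair of ipchains rules collapses into one FORWARD rule carrying both -i and -o; the script prints the rules instead of applying them. The addresses and interfaces default to those in the message, and the function name smb_forward_rules is hypothetical.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules equivalent to the ipchains
# rules in the message. Nothing is applied; pipe the output to "sh" as root
# after reviewing it.
# Assumption: defaults are the values used in the message
# (client 10.3.0.2, LAN 10.0.0.0/24, tun0 towards the VPN, eth1 towards the LAN).

smb_forward_rules() {
    client=${1:-10.3.0.2/32}   # OpenVPN client address
    lan=${2:-10.0.0.0/24}      # network holding the shares
    vpn_if=${3:-tun0}          # decrypted side of the tunnel
    lan_if=${4:-eth1}          # internal interface

    # NetBIOS name service (137) and datagram service (138):
    # UDP with the same port on both ends, allowed in both directions.
    for port in 137 138; do
        echo "iptables -A FORWARD -i $vpn_if -o $lan_if -p udp -s $client --sport $port -d $lan --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -i $lan_if -o $vpn_if -p udp -s $lan --sport $port -d $client --dport $port -j ACCEPT"
    done

    # NetBIOS session service (139) and SMB over TCP (445):
    # client to server matched on destination port, replies on source port,
    # exactly as the ipchains rules do (stateless matching).
    for port in 139 445; do
        echo "iptables -A FORWARD -i $vpn_if -o $lan_if -p tcp -s $client -d $lan --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -i $lan_if -o $vpn_if -p tcp -s $lan --sport $port -d $client -j ACCEPT"
    done
}

smb_forward_rules "$@"
```

The sixteen ipchains rules become eight FORWARD rules, one per service and direction.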