Hi,

I tried to set up openvpn-2.0.2. I took over the sample script for the firewall and added my personal settings. When I try to connect it gets as far as "Initialisation sequence complete", but nothing is going on. I am not able to ping the corporate network.

I did some further checks and the pings are reaching the machine dedicated to, but nothing returns from the firewall. As I took the sample script I cannot imagine any problem with the firewall script.

For completeness, here is the snipped iptables-save output:

--snip--
# Generated by iptables-save v1.2.11 on Mon Sep 12 12:43:05 2005
*nat
:PREROUTING ACCEPT [17243:1443111]
:POSTROUTING ACCEPT [10:724]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Sep 12 12:43:05 2005
# Generated by iptables-save v1.2.11 on Mon Sep 12 12:43:05 2005
*filter
:INPUT DROP [803:69374]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [267:23990]
-A INPUT -s 127.0.0.1 -i eth1 -j DROP
-A INPUT -d 127.0.0.1 -i eth1 -j DROP
-A INPUT -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A INPUT -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A INPUT -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 127.0.0.1 -i eth1 -j DROP
-A FORWARD -d 127.0.0.1 -i eth1 -j DROP
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A FORWARD -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A FORWARD -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A FORWARD -s ! 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A OUTPUT -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 25 -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Mon Sep 12 12:43:05 2005
--snip--

Does anyone of you have a hint?

Thanks in advance,
Christophorus

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
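
An added example, not part of the original message or of OpenVPN's sample firewall script: a minimal first-match walk of the FORWARD chain from the dump above, applied to a constructed ICMP echo request and its reply. The addresses 10.8.0.6 and 192.168.0.10, the interface name tun0 and the function names are assumptions.

```python
import ipaddress

# FORWARD chain copied from the iptables-save dump in the message above.
FORWARD = """\
-A FORWARD -s 127.0.0.1 -i eth1 -j DROP
-A FORWARD -d 127.0.0.1 -i eth1 -j DROP
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A FORWARD -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A FORWARD -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A FORWARD -s ! 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
""".splitlines()

def rule_matches(matches, pkt):
    it = iter(matches)
    for opt in it:
        val = next(it)
        neg, val = val.startswith("!"), val.lstrip("!")  # "!addr" inverts the match
        if opt == "-m":
            continue  # names a match module, tests nothing itself
        if opt in ("-s", "-d"):
            hit = ipaddress.ip_address(pkt[opt]) in ipaddress.ip_network(val)
        elif opt in ("-i", "-o"):  # trailing "+" is a wildcard: tun+ = tun0, tun1, ...
            hit = pkt[opt].startswith(val[:-1]) if val.endswith("+") else pkt[opt] == val
        elif opt in ("-p", "--state"):
            hit = pkt[opt] in val.split(",")
        else:
            raise NotImplementedError(opt)  # e.g. --sport; not reached by these ICMP packets
        if hit == neg:
            return False
    return True

def trace(pkt, policy="DROP"):
    for rule in FORWARD:
        tokens = rule.replace(" ! ", " !").split()  # join old-style "-s ! addr"
        j = tokens.index("-j")
        # TCPMSS only rewrites the packet; ACCEPT and DROP end the traversal.
        if tokens[j + 1] in ("ACCEPT", "DROP") and rule_matches(tokens[2:j], pkt):
            return tokens[j + 1], rule
    return policy, "chain policy"

# Constructed packets: 10.8.0.6 (VPN client) and 192.168.0.10 (LAN host) are assumed.
PING = {"-i": "tun0", "-o": "eth0", "-s": "10.8.0.6", "-d": "192.168.0.10", "-p": "icmp", "--state": "NEW"}
PONG = {"-i": "eth0", "-o": "tun0", "-s": "192.168.0.10", "-d": "10.8.0.6", "-p": "icmp", "--state": "ESTABLISHED"}
```

Calling trace(PING) and trace(PONG) returns ACCEPT for both, decided by the tun+ and eth0 rules, so under these assumptions the FORWARD chain is not where the echo is lost.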